Lucene search
GitHub Advisory DatabaseGHSA-CJGM-9VC9-56MXHistoryJan 24, 2024 - 6:31 p.m.
Path traversal vulnerability in Jenkins Matrix Project Plugin
2024-01-2418:31:02
CWE-22
GitHub Advisory Database
github.com
10
jenkins
matrix project plugin
path traversal
vulnerability
rest api
configuration file
security
Jenkins Matrix Project Plugin 822.v01b_8c85d16d2 and earlier does not sanitize user-defined axis names of multi-configuration projects submitted through the config.xml REST API endpoint.
This allows attackers with Item/Configure permission to create or replace any config.xml file on the Jenkins controller file system with content not controllable by the attackers.
Matrix Project Plugin 822.824.v14451b_c0fd42 sanitizes user-defined axis names of Multi-configuration project.
| CPE | Name | Operator | Version |
|---|---|---|---|
| org.jenkins-ci.plugins:matrix-project | lt | 822.824.v14451b |
Related
prion
prion
Code injection
2024-01-24 18:15:00
cgr
cgr
CVE-2024-23900 vulnerabilities
2024-05-19 03:07:16
redhatcve
redhatcve
CVE-2024-23900
2024-01-25 20:22:35
alpinelinux
alpinelinux
CVE-2024-23900
2024-01-24 18:15:09
osv
osv
Path traversal vulnerability in Jenkins Matrix Project Plugin
2024-01-24 18:31:02
CVE-2024-23900
2024-01-24 18:15:09
cve
cve
CVE-2024-23900
2024-01-24 18:15:09
veracode
veracode
Path Traversal
2024-01-29 07:12:08
cvelist
cvelist
CVE-2024-23900
2024-01-24 17:52:24
wolfi
wolfi
CVE-2024-23900 vulnerabilities
2024-05-28 21:07:31
nessus
nessus
Jenkins plugins Multiple Vulnerabilities (2024-01-24)
2024-01-24 00:00:00
redos
redos
ROS-20240411-08
2024-04-11 00:00:00