hivepro | HiveForce Labs | HIVEPRO:F3234E3F7B0F3D1658703A7250732733
Feb 01, 2024 - 6:56 a.m.

Critical Remote Code Execution Flaws Uncovered in Jenkins

2024-02-01 06:56:33
HiveForce Labs
www.hivepro.com
Tags: jenkins, remote code execution, vulnerabilities, arbitrary commands, unauthorized access, system files, attack vectors, cve-2024-23897, threat level red

CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score: 8.2 High
Confidence: Low

CVSS2: 5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS: 0.615 Medium
Percentile: 97.5%

Summary: Multiple vulnerabilities have been discovered in Jenkins and a number of associated plugins, allowing attackers to gain unauthorized access to data and execute arbitrary commands. The critical vulnerability, CVE-2024-23897, allows attackers to read system files and opens a number of attack vectors associated with remote code execution.

Threat Level: Red
