Lucene search
GoogleOSV:BIT-JENKINS-2024-23897HistoryMar 06, 2024 - 10:53 a.m.
BIT-jenkins-2024-23897
2024-03-0610:53:54
Google
osv.dev
13
jenkins
security
vulnerability
cli parser
file system
Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an ‘@’ character followed by a file path in an argument with the file’s contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.
References
packetstormsecurity.com/files/176839/Jenkins-2.441-LTS-2.426.3-CVE-2024-23897-Scanner.html
packetstormsecurity.com/files/176840/Jenkins-2.441-LTS-2.426.3-Arbitrary-File-Read.html
www.openwall.com/lists/oss-security/2024/01/24/6
www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3314
www.sonarsource.com/blog/excessive-expansion-uncovering-critical-security-vulnerabilities-in-jenkins/
Related
githubexploit
githubexploit
Exploit for Vulnerability in Jenkins
2024-02-16 23:21:40
Exploit for Vulnerability in Jenkins
2024-02-21 18:32:45
Exploit for Vulnerability in Jenkins
2024-05-03 08:18:51
github
github
Arbitrary file read vulnerability through the Jenkins CLI can lead to RCE
2024-01-24 18:31:02
hivepro
hivepro
Critical Remote Code Execution Flaws Uncovered in Jenkins
2024-02-01 06:56:33
cvelist
cvelist
CVE-2024-23897
2024-01-24 17:52:22
zdt
zdt
Jenkins 2.441 / LTS 2.426.3 Arbitrary File Read Exploit
2024-01-29 00:00:00
metasploit
metasploit
Jenkins cli Ampersand Replacement Arbitrary File Read
2024-01-30 22:12:10
packetstorm
packetstorm
Jenkins 2.441 Local File Inclusion
2024-04-15 00:00:00
Jenkins 2.441 / LTS 2.426.3 Arbitrary File Read
2024-01-29 00:00:00
cgr
cgr
CVE-2024-23897 vulnerabilities
2024-05-19 03:07:16
cve
cve
CVE-2024-23897
2024-01-24 18:15:09
osv
osv
CVE-2024-23897
2024-01-24 18:15:09
Arbitrary file read vulnerability through the Jenkins CLI can lead to RCE
2024-01-24 18:31:02
prion
prion
Design/Logic Flaw
2024-01-24 18:15:00
trendmicroblog
trendmicroblog
Jenkins Args4j CVE-2024-23897: Files Exposed, Code at Risk
2024-03-19 00:00:00
redhatcve
redhatcve
CVE-2024-23897
2024-01-25 20:21:50
veracode
veracode
Arbitrary File Read
2024-01-31 06:55:39
alpinelinux
alpinelinux
CVE-2024-23897
2024-01-24 18:15:09
wolfi
wolfi
CVE-2024-23897 vulnerabilities
2024-05-19 21:07:16
exploitdb
exploitdb
Jenkins 2.441 - Local File Inclusion
2024-04-15 00:00:00
rapid7blog
rapid7blog
Metasploit Weekly Wrap-Up 04/05/2024
2024-04-05 18:59:29
nessus
nessus
Jenkins LTS < 2.426.3 / Jenkins weekly < 2.442 Multiple Vulnerabilities
2024-01-24 00:00:00
FreeBSD : jenkins -- multiple vulnerabilities (8b03d274-56ca-489e-821a-cf32f07643f0)
2024-01-25 00:00:00
RHEL 8 : jenkins and jenkins-2-plugins (RHSA-2024:0776)
2024-04-28 00:00:00
freebsd
freebsd
jenkins -- multiple vulnerabilities
2024-01-24 00:00:00
kitploit
kitploit
CVE-2024-23897 - Jenkins <= 2.441 & <= LTS 2.426.2 PoC And Scanner
2024-02-25 11:30:00
thn
thn
Critical Jenkins Vulnerability Exposes Servers to RCE Attacks - Patch ASAP!
2024-01-25 11:57:00
redhat
redhat
(RHSA-2024:0776) Important: jenkins and jenkins-2-plugins security update
2024-02-12 10:18:15
(RHSA-2024:0775) Important: jenkins and jenkins-2-plugins security update
2024-02-12 10:17:47
(RHSA-2024:0778) Important: Jenkins and Jenkins-2-plugins security update
2024-02-12 10:30:15
redos
redos
ROS-20240411-08
2024-04-11 00:00:00
7.2 High
AI Score
Confidence
High
0.958 High
EPSS
Percentile
99.4%
Related for OSV:BIT-JENKINS-2024-23897