Lucene search

K
prionPRIOn knowledge basePRION:CVE-2024-23898
HistoryJan 24, 2024 - 6:15 p.m.

Cross site scripting

2024-01-2418:15:00
PRIOn knowledge base
www.prio-n.com
8
jenkins
vulnerability
websocket hijacking
cli commands
security

7.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.9%

Jenkins 2.217 through 2.441 (both inclusive), LTS 2.222.1 through 2.426.2 (both inclusive) does not perform origin validation of requests made through the CLI WebSocket endpoint, resulting in a cross-site WebSocket hijacking (CSWSH) vulnerability, allowing attackers to execute CLI commands on the Jenkins controller.

7.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.9%