
28 matches found

Prion
added 2024/01/24 6:15 p.m. · 22 views

Double free

Jenkins Log Command Plugin 1.0.2 and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read content from arbitrary files on the Jenkins controller file syst...

CVSS 5 · AI score 7.3 · EPSS 0.00133
Exploits 0 · References 2 · Affected Software 1

CVE
added 2024/01/24 5:52 p.m. · 75 views

CVE-2024-23904

Jenkins Log Command Plugin version 1.0.2 and earlier is vulnerable. The issue stems from a command parser feature that replaces an '@' character followed by a file path in an argument with the file’s contents, enabling unauthenticated attackers to read arbitrary files on the Jenkins controller fi...

CVSS 7.5 · AI score 7.7 · EPSS 0.00133
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2024/01/24 5:52 p.m. · 24 views

CVE-2024-23904

Jenkins Log Command Plugin 1.0.2 and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read content from arbitrary files on the Jenkins controller file syst...

AI score 7.9 · EPSS 0.00133
Exploits 0 · References 2

Vulnrichment
added 2024/01/24 5:52 p.m. · 1 views

CVE-2024-23904

Jenkins Log Command Plugin 1.0.2 and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read content from arbitrary files on the Jenkins controller file syst...

AI score 7.8 · EPSS 0.00133
Exploits 0 · References 2

CNNVD
added 2024/01/24 12:0 a.m. · 2 views

Jenkins Plugin Log Command Security Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...

CVSS 7.5 · AI score 7.1 · EPSS 0.00133
Exploits 0 · References 5

Positive Technologies
added 2024/01/24 12:0 a.m. · 2 views

PT-2024-2758 · Jenkins +1 · Jenkins Log Command Plugin +2

Name of the Vulnerable Software and Affected Versions: Jenkins Log Command Plugin versions 1.0.2 and earlier
Description: The issue is related to the command parser feature in the Jenkins Log Command Plugin, which replaces an '@' character followed by a file path in an argument with the file's...

CVSS 7.8 · AI score 6.8 · EPSS 0.00133
Exploits 0 · References 9

Tenable Nessus
added 2024/01/24 12:0 a.m. · 85 views

Jenkins plugins Multiple Vulnerabilities (2024-01-24)

According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities:
- Jenkins Git server Plugin 99.va0826abcdfad and earlier does not disable a feature of its command parser that replaces an '@' character...

CVSS 7.5 · AI score 6.3 · EPSS 0.00494
Exploits 0 · References 10

Packet Storm
added 2022/08/01 12:0 a.m. · 397 views

Backdoor.Win32.Destrukor.20 MVID-2022-0627 Remote Command Execution

Discovery / credits: Malvuln John Page aka hyp3rlinx (c) 2022
Original source: https://malvuln.com/advisory/c790749f851d48e66e7d59cc2e451956B.txt
Contact: [email protected]
Media: twitter.com/malvuln
Threat: Backdoor.Win32.Destrukor.20
Vulnerability: Unauthenticated Remote Command Execution...

AI score 7.4
Exploits 0