Arbitrary File Read

Jenkins-core is vulnerable to Arbitrary File Read. The vulnerable is due to the command parser improperly substituting the @ character followed by a file path in an argument with the content of the specified file. This flaw allows unauthenticated attackers to read arbitrary files on the Jenkins...

Arbitrary File Read

Jenkins Git server Plugin is vulnerable to Information Disclosure. The vulnerability is caused due to a lack of proper input validation in the Git Server Plugin's command parser feature. This allows an attacker with Overall/Read permission to read content from arbitrary files on the Jenkins...

Exploit for Path Traversal in Jenkins

Jenkins has a built-in command line interface CLI to access J...

CVE-2024-23897

A flaw was found in Jenkins, which uses the args4j library to parse command arguments and options on the Jenkins controller when processing CLI commands. This command parser has a feature that replaces the "@" character followed by a file path in an argument with the file’s contents expandAtFiles...

Arbitrary File Read

org.jenkins-ci.plugins: log-command is vulnerable to Arbitrary File Read. The vulnerability is due to the command parser incorrectly sanitizing the @ character followed by a file path in an argument with the file's contents. This allows an unauthenticated attacker to read arbitrary files on the...

Critical Jenkins Vulnerability Exposes Servers to RCE Attacks - Patch ASAP!

The maintainers of the open-source continuous integration/continuous delivery and deployment CI/CD automation software Jenkins have resolved nine security flaws, including a critical bug that, if successfully exploited, could result in remote code execution RCE. The issue, assigned the CVE...

FreeBSD : jenkins -- multiple vulnerabilities (8b03d274-56ca-489e-821a-cf32f07643f0)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 8b03d274-56ca-489e-821a-cf32f07643f0 advisory. - Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI...

Arbitrary file read vulnerability in Git server Plugin can lead to RCE

Jenkins Git server Plugin uses the args4j library to parse command arguments and options on the Jenkins controller when processing Git commands received via SSH. This command parser has a feature that replaces an @ character followed by a file path in an argument with the file’s contents...

CVE-2024-23899

Jenkins Git server Plugin 99.va0826abcdfad and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing attackers with Overall/Read permission to read content from arbitrary files on the Jenki...

CVE-2024-23904

Jenkins Log Command Plugin 1.0.2 and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read content from arbitrary files on the Jenkins controller file syst...

CVE-2024-23899

Jenkins Git server Plugin 99.va0826abcdfad and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing attackers with Overall/Read permission to read content from arbitrary files on the Jenki...

CVE-2024-23897

Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system...

CVE-2024-23904

Jenkins Log Command Plugin 1.0.2 and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read content from arbitrary files on the Jenkins controller file syst...

CVE-2024-23899

Jenkins Git server Plugin 99.va0826abcdfad and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing attackers with Overall/Read permission to read content from arbitrary files on the Jenki...

CVE-2024-23899

Jenkins Git server Plugin 99.va0826abcdfad and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing attackers with Overall/Read permission to read content from arbitrary files on the Jenki...

CVE-2024-23897

Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system...

Jenkins Plugin Git server security vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

PT-2024-2758 · Jenkins +1 · Jenkins Log Command Plugin +2

Name of the Vulnerable Software and Affected Versions: Jenkins Log Command Plugin versions 1.0.2 and earlier Description: The issue is related to the command parser feature in the Jenkins Log Command Plugin, which replaces an '@' character followed by a file path in an argument with the file's...

Jenkins LTS < 2.426.3 / Jenkins weekly < 2.442 Multiple Vulnerabilities

According to its its self-reported version number, the version of Jenkins running on the remote web server is Jenkins LTS prior to 2.426.3 or Jenkins weekly prior to 2.442. It is, therefore, affected by multiple vulnerabilities: - Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disabl...

PT-2023-13942 · Siretta · Siretta Quartz-Gold

Name of the Vulnerable Software and Affected Versions: Siretta QUARTZ-GOLD version 5.0.1.5-210720-141020 Description: The issue concerns stack-based buffer overflow vulnerabilities in the DetranCLI command parsing functionality. A specially-crafted network packet can lead to arbitrary command...