162 matches found

Veracode
added 2024/01/29 9:10 a.m. · 22 views

Arbitrary File Read

Jenkins Git server Plugin is vulnerable to Information Disclosure. The vulnerability is caused by a lack of proper input validation in the Git Server Plugin's command parser feature. This allows an attacker with Overall/Read permission to read content from arbitrary files on the Jenkins...

6.5 CVSS · 6.6 AI score · 0.00494 EPSS
Exploits 0 · References 4 · Affected Software 1

Microsoft CVE
added 2024/01/26 8:00 a.m. · 2 views

Maliciously crafted Git server replies can cause DoS on go-git clients

...

7.5 CVSS · 7 AI score · 0.00112 EPSS
Exploits 0

Microsoft CVE
added 2024/01/26 8:00 a.m. · 2 views

Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients

...

9.8 CVSS · 7 AI score · 0.04027 EPSS
Exploits 0

RedhatCVE
added 2024/01/25 8:21 p.m. · 40 views

CVE-2024-23899

A flaw was found in the Git Server Plugin for Jenkins. This issue could allow an attacker to read the first two lines of arbitrary files on the server's file system...

8.8 CVSS · 6.8 AI score · 0.00494 EPSS
Exploits 0 · References 5

GitHub Security Blog
added 2024/01/24 6:31 p.m. · 38 views

Arbitrary file read vulnerability in Git server Plugin can lead to RCE

Jenkins Git server Plugin uses the args4j library to parse command arguments and options on the Jenkins controller when processing Git commands received via SSH. This command parser has a feature that replaces an @ character followed by a file path in an argument with the file’s contents...

6.5 CVSS · 6.5 AI score · 0.00494 EPSS
Exploits 0 · References 5 · Affected Software 1

OSV
added 2024/01/24 6:31 p.m. · 24 views

GHSA-VPH5-2Q33-7R9H Arbitrary file read vulnerability in Git server Plugin can lead to RCE

Jenkins Git server Plugin uses the args4j library to parse command arguments and options on the Jenkins controller when processing Git commands received via SSH. This command parser has a feature that replaces an @ character followed by a file path in an argument with the file’s contents...

8.8 CVSS · 7.8 AI score · 0.00494 EPSS
Exploits 0 · References 5

NVD
added 2024/01/24 6:15 p.m. · 16 views

CVE-2024-23899

Jenkins Git server Plugin 99.va0826abcdfad and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing attackers with Overall/Read permission to read content from arbitrary files on the Jenki...

6.5 CVSS · 6.6 AI score · 0.00494 EPSS
Exploits 0 · References 2

OSV
added 2024/01/24 6:15 p.m. · 3 views

CVE-2024-23899

Jenkins Git server Plugin 99.va0826abcdfad and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing attackers with Overall/Read permission to read content from arbitrary files on the Jenki...

6.5 CVSS · 6.9 AI score
Exploits 0 · References 2

Prion
added 2024/01/24 6:15 p.m. · 21 views

Double free

Jenkins Git server Plugin 99.va0826abcdfad and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing attackers with Overall/Read permission to read content from arbitrary files on the Jenki...

4 CVSS · 6.9 AI score · 0.00494 EPSS
Exploits 0 · References 2 · Affected Software 1

CVE
added 2024/01/24 5:52 p.m. · 118 views

CVE-2024-23899

Technical details about CVE-2024-23899 are not publicly available in the connected documents provided. The initial description contains some specifics, but no further technical root cause, affected versions, or fixes are confirmed here. Monitor for updates.

6.5 CVSS · 6.5 AI score · 0.00494 EPSS
Exploits 0 · References 2 · Affected Software 1

Vulnrichment
added 2024/01/24 5:52 p.m. · 19 views

CVE-2024-23899

Jenkins Git server Plugin 99.va0826abcdfad and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing attackers with Overall/Read permission to read content from arbitrary files on the Jenki...

7 AI score · 0.00494 EPSS
Exploits 0 · References 2

Cvelist
added 2024/01/24 5:52 p.m. · 26 views

CVE-2024-23899

Jenkins Git server Plugin 99.va0826abcdfad and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing attackers with Overall/Read permission to read content from arbitrary files on the Jenki...

6.8 AI score · 0.00494 EPSS
Exploits 0 · References 2

Positive Technologies
added 2024/01/24 12:00 a.m. · 3 views

PT-2024-1425 · Jenkins +1 · Jenkins Git Server Plugin +2

Name of the Vulnerable Software and Affected Versions: Jenkins Git server Plugin versions 99.va0826abcdfad and earlier
Description: The issue is related to the command parser feature in the Jenkins Git server Plugin that replaces an '@' character followed by a file path in an argument with th...

8.8 CVSS · 6.3 AI score · 0.00494 EPSS
Exploits 0 · References 13

CNNVD
added 2024/01/24 12:00 a.m. · 3 views

Jenkins Plugin Git server security vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application: an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...

6.5 CVSS · 6.9 AI score · 0.00494 EPSS
Exploits 0 · References 5

Tenable Nessus
added 2024/01/24 12:00 a.m. · 85 views

Jenkins plugins Multiple Vulnerabilities (2024-01-24)

According to their self-reported version numbers, the versions of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities:
- Jenkins Git server Plugin 99.va0826abcdfad and earlier does not disable a feature of its command parser that replaces an '@' character...

7.5 CVSS · 6.3 AI score · 0.00494 EPSS
Exploits 0 · References 10

RedhatCVE
added 2024/01/13 12:03 a.m. · 39 views

CVE-2023-49568

A denial of service (DoS) vulnerability was found in the Go library go-git. This issue may allow an attacker to perform denial of service attacks by providing specially crafted responses from a Git server, which can trigger resource exhaustion in go-git clients. Mitigation: In cases where a bump to...

7.5 CVSS · 7.3 AI score · 0.00112 EPSS
Exploits 0 · References 4

NVD
added 2024/01/12 11:15 a.m. · 15 views

CVE-2023-49568

A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server, which triggers resource exhaustion in go-git clients. Applications using on...

7.5 CVSS · 8.1 AI score · 0.00112 EPSS
Exploits 0 · References 1

UbuntuCve
added 2024/01/12 11:15 a.m. · 19 views

CVE-2023-49568

A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server, which triggers resource exhaustion in go-git clients. Applications using on...

7.5 CVSS · 6.8 AI score · 0.00112 EPSS
Exploits 0 · References 3

Prion
added 2024/01/12 11:15 a.m. · 18 views

Design/Logic Flaw

A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server, which triggers resource exhaustion in go-git clients. Applications using on...

5 CVSS · 6.7 AI score · 0.00112 EPSS
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2024/01/12 10:41 a.m. · 21 views

CVE-2023-49569 Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients

A path traversal vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to create and amend files across the filesystem. In the worst-case scenario, remote code execution could be achieved. Applications are only affected if they are using the ChrootO...

9.8 CVSS · 9.8 AI score · 0.04027 EPSS
Exploits 0 · References 1