Veracode Vulnerability Database, VERACODE:45247
Jan 31, 2024 - 6:55 a.m.

Arbitrary File Read

sca.analysiscenter.veracode.com
Tags: jenkins, arbitrary file read, vulnerability, command parser, unauthenticated attackers, controller filesystem

AI Score: 6.7 Medium (Confidence: Low)

EPSS: 0.958 High (Percentile: 99.4%)

Jenkins-core is vulnerable to Arbitrary File Read. The vulnerability is due to the command parser improperly substituting the @ character followed by a file path in an argument with the content of the specified file. This flaw allows unauthenticated attackers to read arbitrary files on the Jenkins controller file system.
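
The substitution described above, modelled as a toy argument pre-processor beside a hardened variant. This is an added example, not Jenkins or Veracode code; `expand_args`, `run_command`, the `allow_at_syntax` switch and the sample file are hypothetical.

```python
import os
import tempfile


def expand_args(args, allow_at_syntax):
    """Toy CLI argument pre-processor (hypothetical, not Jenkins code).

    With allow_at_syntax=True an argument of the form '@<path>' is replaced
    by the lines of that file, which is the behaviour the advisory describes.
    With allow_at_syntax=False every argument is passed through literally.
    """
    expanded = []
    for arg in args:
        if allow_at_syntax and arg.startswith("@") and len(arg) > 1:
            # The path is chosen by the caller, yet the file is opened with
            # the privileges of the process doing the parsing.
            with open(arg[1:], "r", encoding="utf-8") as fh:
                expanded.extend(line.rstrip("\n") for line in fh)
        else:
            expanded.append(arg)
    return expanded


def run_command(args, allow_at_syntax):
    """Hypothetical command that echoes its parsed arguments to the caller."""
    parsed = expand_args(args, allow_at_syntax)
    return "arguments: " + " ".join(parsed)


def demo():
    # Constructed sample file standing in for a file on the server side.
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "server-only.txt")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write("constructed-sample-value\n")
        client_args = ["some-command", "@" + path]
        weak = run_command(client_args, allow_at_syntax=True)
        hardened = run_command(client_args, allow_at_syntax=False)
        return path, weak, hardened


if __name__ == "__main__":
    _, weak, hardened = demo()
    print(weak)      # the file's content has replaced the argument
    print(hardened)  # the literal '@<path>' argument is preserved
```

With the switch off, the `@` argument is treated as ordinary text and no file is opened on the caller's behalf.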