ID |
CVE-2024-23899
|
Summary |
Jenkins Git server Plugin 99.va_0826a_b_cdfa_d and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing attackers with Overall/Read permission to read content from arbitrary files on the Jenkins controller file system. |
References |
|
Vulnerable Configurations |
|
CVSS |
Base: | None |
Impact: | |
Exploitability: | |
|
CWE |
NVD-CWE-noinfo |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
|
|
|
|
Impact |
Confidentiality | Integrity | Availability |
|
|
|
|
Last major update |
31-01-2024 - 18:43 |
Published |
24-01-2024 - 18:15 |
Last modified |
31-01-2024 - 18:43 |