ID CVE-2024-23899
Summary Jenkins Git server Plugin 99.va_0826a_b_cdfa_d and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing attackers with Overall/Read permission to read content from arbitrary files on the Jenkins controller file system.
References
Vulnerable Configurations
  • cpe:2.3:a:jenkins:git_server:99.va_0826a_b_cdfa_d:*:*:*:*:jenkins:*:*
CVSS
Base: None
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
Vector / Complexity / Authentication
Impact
Confidentiality / Integrity / Availability
Last major update 31-01-2024 - 18:43
Published 24-01-2024 - 18:15
Last modified 31-01-2024 - 18:43