Russian Vulnerability Scanner Database

Back to List

CVE-2024-23897

Scores

EPSS Score

0.9435

CVSS

3.x 9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

All CVSS Scores

CVSS 4.0
0.0
CVSS 3.x
9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0
0.0

Description

Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.

Sources

debiannvdredhat

CWEs

CWE-22CWE-88

Related Vulnerabilities

BDU:2024-00750oval:redos:def:1783

Exploits

Exploit ID: CVE-2024-23897

Source: cisa

URL: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Exploit ID: 51993

Source: exploitdb

URL: https://www.exploit-db.com/exploits/51993

Reference Links

http://packetstormsecurity.com/files/176839/Jenkins-2.441-LTS-2.426.3-CVE-2024-23897-Scanner.html
http://packetstormsecurity.com/files/176840/Jenkins-2.441-LTS-2.426.3-Arbitrary-File-Read.html
http://www.openwall.com/lists/oss-security/2024/01/24/6
https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3314
https://www.sonarsource.com/blog/excessive-expansion-uncovering-critical-security-vulnerabilities-in-jenkins/
http://packetstormsecurity.com/files/176839/Jenkins-2.441-LTS-2.426.3-CVE-2024-23897-Scanner.html
http://packetstormsecurity.com/files/176840/Jenkins-2.441-LTS-2.426.3-Arbitrary-File-Read.html
http://www.openwall.com/lists/oss-security/2024/01/24/6
https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3314
https://www.sonarsource.com/blog/excessive-expansion-uncovering-critical-security-vulnerabilities-in-jenkins/
https://www.vicarius.io/vsociety/posts/the-anatomy-of-a-jenkins-vulnerability-cve-2024-23897-revealed-1
https://www.cve.org/CVERecord?id=CVE-2024-23897 https://nvd.nist.gov/vuln/detail/CVE-2024-23897 http://www.openwall.com/lists/oss-security/2024/01/24/6 https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3314 https://www.cisa.gov/known-exploited-vulnerabilities-catalog
https://bugzilla.redhat.com/show_bug.cgi?id=2260180

Vulnerable Software

Type: Configuration

Product: jenkins

Operating System: debian

Trait: 
{
  "unfixed": true
}

Source: debian

Type: Configuration

Product: jenkins

Operating System: rhel

Trait: 
{
  "fixed": "2.426.3.1706515686-3.el8"
}

Source: redhat

Type: Configuration

Product: jenkins

Operating System: rhel

Trait: 
{
  "fixed": "2.426.3.1706516254-3.el8"
}

Source: redhat

Type: Configuration

Product: jenkins

Operating System: rhel

Trait: 
{
  "fixed": "2.426.3.1706516929-3.el8"
}

Source: redhat

Type: Configuration

Vendor: jenkins

Product: jenkins

Operating System: * * *

Trait: 
{
  "cpe_match": [
    {
      "cpe23uri": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*",
      "versionEndExcluding": "2.426.3",
      "vulnerable": true
    },
    {
      "cpe23uri": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*",
      "versionEndExcluding": "2.442",
      "vulnerable": true
    }
  ],
  "operator": "OR"
}

Source: nvd