New assessment for topic: CVE-2024-23897
Topic description: "Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system. ..."
"CVE-2024-23897 has been identified as an arbitrary file read vulnerability in Jenkins, specifically through its built-in command line interface (CLI) ..."
Link: https://www.attackerkb.com/assessments/bfc5dce6-718d-4e43-a6f4-07e88f4e09cf