Lucene search
JenkinsCVELIST:CVE-2024-23900HistoryJan 24, 2024 - 5:52 p.m.
CVE-2024-23900
2024-01-2417:52:24
jenkins
www.cve.org
jenkins
matrix project plugin
config.xml files
multi-configuration projects
security vulnerability
cve-2024-23900
Jenkins Matrix Project Plugin 822.v01b_8c85d16d2 and earlier does not sanitize user-defined axis names of multi-configuration projects, allowing attackers with Item/Configure permission to create or replace any config.xml files on the Jenkins controller file system with content not controllable by the attackers.
CNA Affected
[
{
"vendor": "Jenkins Project",
"product": "Jenkins Matrix Project Plugin",
"versions": [
{
"version": "0",
"versionType": "maven",
"lessThanOrEqual": "822.v01b_8c85d16d2",
"status": "affected"
}
],
"defaultStatus": "unaffected"
}
]Related
alpinelinux
alpinelinux
CVE-2024-23900
2024-01-24 18:15:09
nvd
nvd
CVE-2024-23900
2024-01-24 18:15:09
cve
cve
CVE-2024-23900
2024-01-24 18:15:09
osv
osv
Path traversal vulnerability in Jenkins Matrix Project Plugin
2024-01-24 18:31:02
CVE-2024-23900
2024-01-24 18:15:09
veracode
veracode
Path Traversal
2024-01-29 07:12:08
github
github
Path traversal vulnerability in Jenkins Matrix Project Plugin
2024-01-24 18:31:02
cgr
cgr
CVE-2024-23900 vulnerabilities
2024-05-19 03:07:16
redhatcve
redhatcve
CVE-2024-23900
2024-01-25 20:22:35
prion
prion
Code injection
2024-01-24 18:15:00
wolfi
wolfi
CVE-2024-23900 vulnerabilities
2024-07-03 16:16:08
nessus
nessus
RHEL 8 : Red Hat Product OCP Tools 4.12 Openshift Jenkins (RHSA-2024:3635)
2024-06-05 00:00:00
RHEL 8 : Red Hat Product OCP Tools 4.14 OpenShift Jenkins (RHSA-2024:3634)
2024-06-05 00:00:00
RHEL 8 : Red Hat Product OCP Tools 4.13 OpenShift Jenkins (RHSA-2024:3636)
2024-06-05 00:00:00
redos
redos
ROS-20240411-08
2024-04-11 00:00:00