BIT-jenkins-2024-23897

Import Source
https://github.com/bitnami/vulndb/tree/main/data/jenkins/BIT-jenkins-2024-23897.json
Aliases
Published
2024-02-01T07:19:17.537Z
Modified
2024-03-01T07:47:32.561Z
Details

Jenkins 2.441 and earlier, and LTS 2.426.2 and earlier, do not disable a feature of the CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.

References

Affected packages

Bitnami / jenkins

Package

Name
jenkins

Affected ranges

Type
SEMVER
Events
Introduced
0 (the exact introduced commit is unknown)
Fixed
2.426.2