CVE-2024-23898

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-23898

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-23898.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-23898

Aliases

Related

CGA-4h3f-m3qp-f3fr

Published

2024-01-24T18:15:09Z

Modified

2024-09-03T04:38:53.239972Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Jenkins 2.217 through 2.441 (both inclusive), LTS 2.222.1 through 2.426.2 (both inclusive) does not perform origin validation of requests made through the CLI WebSocket endpoint, resulting in a cross-site WebSocket hijacking (CSWSH) vulnerability, allowing attackers to execute CLI commands on the Jenkins controller.

References

Affected packages

Git / github.com/jenkinsci/jenkins

Affected ranges

Type: GIT
Repo: https://github.com/jenkinsci/jenkins
Events: Introduced

3d8a846a753478d75141de0edd3283d7567dbf50

Last affected

3b0de10df3bedba515e13032104d4d84f83045be

Introduced

d66bd8595e531749e842274a806eabab5cc16a32

Last affected

3eb70099423f93c9de29fca3c6b5b6efd2847ad0

Affected versions

jenkins-2.*

jenkins-2.176.4

jenkins-2.190.1

jenkins-2.190.2

jenkins-2.190.3

jenkins-2.204.1

jenkins-2.204.2

jenkins-2.204.3

jenkins-2.204.4

jenkins-2.204.5

jenkins-2.204.6

jenkins-2.217

jenkins-2.218

jenkins-2.219

jenkins-2.220

jenkins-2.221

jenkins-2.222

jenkins-2.222.1

jenkins-2.222.3

jenkins-2.222.4

jenkins-2.223

jenkins-2.224

jenkins-2.225

jenkins-2.226

jenkins-2.227

jenkins-2.228

jenkins-2.229

jenkins-2.230

jenkins-2.231

jenkins-2.232

jenkins-2.233

jenkins-2.234

jenkins-2.235

jenkins-2.235.1

jenkins-2.235.2

jenkins-2.235.3

jenkins-2.236

jenkins-2.237

jenkins-2.238

jenkins-2.239

jenkins-2.240

jenkins-2.241

jenkins-2.242

jenkins-2.243

jenkins-2.244

jenkins-2.245

jenkins-2.246

jenkins-2.247

jenkins-2.248

jenkins-2.249

jenkins-2.250

jenkins-2.251

jenkins-2.252

jenkins-2.253

jenkins-2.254

jenkins-2.255

jenkins-2.256

jenkins-2.257

jenkins-2.258

jenkins-2.259

jenkins-2.260

jenkins-2.261

jenkins-2.262

jenkins-2.263

jenkins-2.264

jenkins-2.265

jenkins-2.266

jenkins-2.267

jenkins-2.268

jenkins-2.269

jenkins-2.270

jenkins-2.271

jenkins-2.272

jenkins-2.273

jenkins-2.274

jenkins-2.275

jenkins-2.276

jenkins-2.277

jenkins-2.278

jenkins-2.279

jenkins-2.280

jenkins-2.281

jenkins-2.282

jenkins-2.283

jenkins-2.284

jenkins-2.285

jenkins-2.286

jenkins-2.287

jenkins-2.288

jenkins-2.289

jenkins-2.290

jenkins-2.291

jenkins-2.292

jenkins-2.293

jenkins-2.294

jenkins-2.295

jenkins-2.296

jenkins-2.297

jenkins-2.298

jenkins-2.299

jenkins-2.300

jenkins-2.301

jenkins-2.302

jenkins-2.303

jenkins-2.304

jenkins-2.305

jenkins-2.306

jenkins-2.307

jenkins-2.308

jenkins-2.309

jenkins-2.310

jenkins-2.311

jenkins-2.312

jenkins-2.313

jenkins-2.314

jenkins-2.315

jenkins-2.316

jenkins-2.317

jenkins-2.318

jenkins-2.319

jenkins-2.320

jenkins-2.321

jenkins-2.322

jenkins-2.323

jenkins-2.324

jenkins-2.325

jenkins-2.326

jenkins-2.327

jenkins-2.328

jenkins-2.329

jenkins-2.330

jenkins-2.331

jenkins-2.332

jenkins-2.333

jenkins-2.334

jenkins-2.335

jenkins-2.336

jenkins-2.337

jenkins-2.338

jenkins-2.339

jenkins-2.340

jenkins-2.341

jenkins-2.342

jenkins-2.343

jenkins-2.344

jenkins-2.345

jenkins-2.346

jenkins-2.347

jenkins-2.348

jenkins-2.349

jenkins-2.350

jenkins-2.351

jenkins-2.352

jenkins-2.353

jenkins-2.354

jenkins-2.355

jenkins-2.356

jenkins-2.357

jenkins-2.358

jenkins-2.359

jenkins-2.360

jenkins-2.361

jenkins-2.362

jenkins-2.363

jenkins-2.364

jenkins-2.365

jenkins-2.366

jenkins-2.367

jenkins-2.368

jenkins-2.369

jenkins-2.370

jenkins-2.371

jenkins-2.372

jenkins-2.373

jenkins-2.374

jenkins-2.375

jenkins-2.376

jenkins-2.377

jenkins-2.378

jenkins-2.379

jenkins-2.380

jenkins-2.381

jenkins-2.382

jenkins-2.383

jenkins-2.384

jenkins-2.385

jenkins-2.386

jenkins-2.387

jenkins-2.388

jenkins-2.389

jenkins-2.390

jenkins-2.391

jenkins-2.392

jenkins-2.393

jenkins-2.394

jenkins-2.395

jenkins-2.396

jenkins-2.397

jenkins-2.398

jenkins-2.399

jenkins-2.400

jenkins-2.401

jenkins-2.402

jenkins-2.403

jenkins-2.404

jenkins-2.405

jenkins-2.406

jenkins-2.407

jenkins-2.408

jenkins-2.409

jenkins-2.410

jenkins-2.411

jenkins-2.412

jenkins-2.413

jenkins-2.414

jenkins-2.415

jenkins-2.416

jenkins-2.417

jenkins-2.418

jenkins-2.419

jenkins-2.420

jenkins-2.421

jenkins-2.422

jenkins-2.423

jenkins-2.424

jenkins-2.425

jenkins-2.426

jenkins-2.426.1

jenkins-2.426.1-rc

jenkins-2.426.1-rc-2

jenkins-2.426.2

jenkins-2.426.2-rc-1

jenkins-2.427

jenkins-2.428

jenkins-2.429

jenkins-2.430

jenkins-2.431

jenkins-2.432

jenkins-2.433

jenkins-2.434

jenkins-2.435

jenkins-2.436

jenkins-2.437

jenkins-2.438

jenkins-2.439

jenkins-2.440

jenkins-2.441

Other

list