Vulnerability-Lookup

CVE-2024-23897 (GCVE-0-2024-23897)

Vulnerability from cvelistv5 – Published: 2024-01-24 17:52 – Updated: 2025-10-21 23:05

Summary

Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.

Severity ?

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-27 - Path Traversal: 'dir/../../filename'

Assigner

jenkins

References

URL

Tags

	https://www.jenkins.io/security/advisory/2024-01-…	vendor-advisory
	https://www.sonarsource.com/blog/excessive-expans…
	http://www.openwall.com/lists/oss-security/2024/01/24/6
	http://packetstormsecurity.com/files/176839/Jenki…
	http://packetstormsecurity.com/files/176840/Jenki…

Impacted products

	Vendor	Product	Version
	Jenkins Project	Jenkins	Unaffected: 0 , < 1.606 (maven) Unaffected: 2.442 , < * (maven) Unaffected: 2.426.3 , < 2.426.* (maven) Unaffected: 2.440.1 , < 2.440.* (maven)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-19T07:48:11.721Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Jenkins Security Advisory 2024-01-24",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3314"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.sonarsource.com/blog/excessive-expansion-uncovering-critical-security-vulnerabilities-in-jenkins/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/01/24/6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/176839/Jenkins-2.441-LTS-2.426.3-CVE-2024-23897-Scanner.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/176840/Jenkins-2.441-LTS-2.426.3-Arbitrary-File-Read.html"
          },
          {
            "url": "https://www.vicarius.io/vsociety/posts/the-anatomy-of-a-jenkins-vulnerability-cve-2024-23897-revealed-1"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "affected",
            "product": "jenkins",
            "vendor": "jenkins",
            "versions": [
              {
                "lessThan": "1.606",
                "status": "unaffected",
                "version": "0",
                "versionType": "maven"
              },
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "2.442",
                "versionType": "maven"
              },
              {
                "lessThan": "2.427",
                "status": "unaffected",
                "version": "2.426.3",
                "versionType": "maven"
              },
              {
                "lessThan": "2.441",
                "status": "unaffected",
                "version": "2.440.1",
                "versionType": "maven"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "affected",
            "product": "jenkins",
            "vendor": "jenkins",
            "versions": [
              {
                "lessThan": "1.606",
                "status": "unaffected",
                "version": "0",
                "versionType": "maven"
              },
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "2.442",
                "versionType": "maven"
              },
              {
                "lessThan": "2.427",
                "status": "unaffected",
                "version": "2.426.3",
                "versionType": "maven"
              },
              {
                "lessThan": "2.441",
                "status": "unaffected",
                "version": "2.440.1",
                "versionType": "maven"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "affected",
            "product": "jenkins",
            "vendor": "jenkins",
            "versions": [
              {
                "lessThan": "1.606",
                "status": "unaffected",
                "version": "0",
                "versionType": "maven"
              },
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "2.442",
                "versionType": "maven"
              },
              {
                "lessThan": "2.427",
                "status": "unaffected",
                "version": "2.426.3",
                "versionType": "maven"
              },
              {
                "lessThan": "2.441",
                "status": "unaffected",
                "version": "2.440.1",
                "versionType": "maven"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "affected",
            "product": "jenkins",
            "vendor": "jenkins",
            "versions": [
              {
                "lessThan": "1.606",
                "status": "unaffected",
                "version": "0",
                "versionType": "maven"
              },
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "2.442",
                "versionType": "maven"
              },
              {
                "lessThan": "2.427",
                "status": "unaffected",
                "version": "2.426.3",
                "versionType": "maven"
              },
              {
                "lessThan": "2.441",
                "status": "unaffected",
                "version": "2.440.1",
                "versionType": "maven"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-23897",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-19T15:35:31.038735Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2024-08-19",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-23897"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-27",
                "description": "CWE-27 Path Traversal: \u0027dir/../../filename\u0027",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:05:25.971Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-23897"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2024-08-19T00:00:00+00:00",
            "value": "CVE-2024-23897 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Jenkins",
          "vendor": "Jenkins Project",
          "versions": [
            {
              "lessThan": "1.606",
              "status": "unaffected",
              "version": "0",
              "versionType": "maven"
            },
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "2.442",
              "versionType": "maven"
            },
            {
              "lessThan": "2.426.*",
              "status": "unaffected",
              "version": "2.426.3",
              "versionType": "maven"
            },
            {
              "lessThan": "2.440.*",
              "status": "unaffected",
              "version": "2.440.1",
              "versionType": "maven"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an \u0027@\u0027 character followed by a file path in an argument with the file\u0027s contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-15T15:06:41.647Z",
        "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
        "shortName": "jenkins"
      },
      "references": [
        {
          "name": "Jenkins Security Advisory 2024-01-24",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3314"
        },
        {
          "url": "https://www.sonarsource.com/blog/excessive-expansion-uncovering-critical-security-vulnerabilities-in-jenkins/"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2024/01/24/6"
        },
        {
          "url": "http://packetstormsecurity.com/files/176839/Jenkins-2.441-LTS-2.426.3-CVE-2024-23897-Scanner.html"
        },
        {
          "url": "http://packetstormsecurity.com/files/176840/Jenkins-2.441-LTS-2.426.3-Arbitrary-File-Read.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
    "assignerShortName": "jenkins",
    "cveId": "CVE-2024-23897",
    "datePublished": "2024-01-24T17:52:22.842Z",
    "dateReserved": "2024-01-23T12:46:51.263Z",
    "dateUpdated": "2025-10-21T23:05:25.971Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2024-23897",
      "cwes": "[\"CWE-27\"]",
      "dateAdded": "2024-08-19",
      "dueDate": "2024-09-09",
      "knownRansomwareCampaignUse": "Known",
      "notes": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3314; https://nvd.nist.gov/vuln/detail/CVE-2024-23897",
      "product": "Jenkins Command Line Interface (CLI)",
      "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
      "shortDescription": "Jenkins Command Line Interface (CLI) contains a path traversal vulnerability that allows attackers limited read access to certain files, which can lead to code execution.",
      "vendorProject": "Jenkins",
      "vulnerabilityName": "Jenkins Command Line Interface (CLI) Path Traversal Vulnerability"
    },
    "vulnrichment": {
      "containers": "{\"cna\": {\"affected\": [{\"defaultStatus\": \"affected\", \"product\": \"Jenkins\", \"vendor\": \"Jenkins Project\", \"versions\": [{\"lessThan\": \"1.606\", \"status\": \"unaffected\", \"version\": \"0\", \"versionType\": \"maven\"}, {\"lessThan\": \"*\", \"status\": \"unaffected\", \"version\": \"2.442\", \"versionType\": \"maven\"}, {\"lessThan\": \"2.426.*\", \"status\": \"unaffected\", \"version\": \"2.426.3\", \"versionType\": \"maven\"}, {\"lessThan\": \"2.440.*\", \"status\": \"unaffected\", \"version\": \"2.440.1\", \"versionType\": \"maven\"}]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an \u0027@\u0027 character followed by a file path in an argument with the file\u0027s contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.\"}], \"providerMetadata\": {\"orgId\": \"39769cd5-e6e2-4dc8-927e-97b3aa056f5b\", \"shortName\": \"jenkins\", \"dateUpdated\": \"2024-04-15T15:06:41.647Z\"}, \"references\": [{\"name\": \"Jenkins Security Advisory 2024-01-24\", \"tags\": [\"vendor-advisory\"], \"url\": \"https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3314\"}, {\"url\": \"https://www.sonarsource.com/blog/excessive-expansion-uncovering-critical-security-vulnerabilities-in-jenkins/\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/01/24/6\"}, {\"url\": \"http://packetstormsecurity.com/files/176839/Jenkins-2.441-LTS-2.426.3-CVE-2024-23897-Scanner.html\"}, {\"url\": \"http://packetstormsecurity.com/files/176840/Jenkins-2.441-LTS-2.426.3-Arbitrary-File-Read.html\"}]}, \"adp\": [{\"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-19T07:48:11.721Z\"}, \"title\": \"CVE Program Container\", \"references\": [{\"name\": \"Jenkins Security Advisory 2024-01-24\", \"tags\": [\"vendor-advisory\", \"x_transferred\"], \"url\": \"https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3314\"}, {\"url\": \"https://www.sonarsource.com/blog/excessive-expansion-uncovering-critical-security-vulnerabilities-in-jenkins/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/01/24/6\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://packetstormsecurity.com/files/176839/Jenkins-2.441-LTS-2.426.3-CVE-2024-23897-Scanner.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://packetstormsecurity.com/files/176840/Jenkins-2.441-LTS-2.426.3-Arbitrary-File-Read.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.vicarius.io/vsociety/posts/the-anatomy-of-a-jenkins-vulnerability-cve-2024-23897-revealed-1\"}]}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-23897\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-08-19T15:35:31.038735Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2024-08-19\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-23897\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*\"], \"vendor\": \"jenkins\", \"product\": \"jenkins\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0\", \"lessThan\": \"1.606\", \"versionType\": \"maven\"}, {\"status\": \"unaffected\", \"version\": \"2.442\", \"lessThan\": \"*\", \"versionType\": \"maven\"}, {\"status\": \"unaffected\", \"version\": \"2.426.3\", \"lessThan\": \"2.427\", \"versionType\": \"maven\"}, {\"status\": \"unaffected\", \"version\": \"2.440.1\", \"lessThan\": \"2.441\", \"versionType\": \"maven\"}], \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*\"], \"vendor\": \"jenkins\", \"product\": \"jenkins\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0\", \"lessThan\": \"1.606\", \"versionType\": \"maven\"}, {\"status\": \"unaffected\", \"version\": \"2.442\", \"lessThan\": \"*\", \"versionType\": \"maven\"}, {\"status\": \"unaffected\", \"version\": \"2.426.3\", \"lessThan\": \"2.427\", \"versionType\": \"maven\"}, {\"status\": \"unaffected\", \"version\": \"2.440.1\", \"lessThan\": \"2.441\", \"versionType\": \"maven\"}], \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*\"], \"vendor\": \"jenkins\", \"product\": \"jenkins\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0\", \"lessThan\": \"1.606\", \"versionType\": \"maven\"}, {\"status\": \"unaffected\", \"version\": \"2.442\", \"lessThan\": \"*\", \"versionType\": \"maven\"}, {\"status\": \"unaffected\", \"version\": \"2.426.3\", \"lessThan\": \"2.427\", \"versionType\": \"maven\"}, {\"status\": \"unaffected\", \"version\": \"2.440.1\", \"lessThan\": \"2.441\", \"versionType\": \"maven\"}], \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*\"], \"vendor\": \"jenkins\", \"product\": \"jenkins\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0\", \"lessThan\": \"1.606\", \"versionType\": \"maven\"}, {\"status\": \"unaffected\", \"version\": \"2.442\", \"lessThan\": \"*\", \"versionType\": \"maven\"}, {\"status\": \"unaffected\", \"version\": \"2.426.3\", \"lessThan\": \"2.427\", \"versionType\": \"maven\"}, {\"status\": \"unaffected\", \"version\": \"2.440.1\", \"lessThan\": \"2.441\", \"versionType\": \"maven\"}], \"defaultStatus\": \"affected\"}], \"timeline\": [{\"time\": \"2024-08-19T00:00:00+00:00\", \"lang\": \"en\", \"value\": \"CVE-2024-23897 added to CISA KEV\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-27\", \"description\": \"CWE-27 Path Traversal: \u0027dir/../../filename\u0027\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-08-19T13:11:17.985Z\"}}]}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-23897\", \"assignerOrgId\": \"39769cd5-e6e2-4dc8-927e-97b3aa056f5b\", \"state\": \"PUBLISHED\", \"assignerShortName\": \"jenkins\", \"dateReserved\": \"2024-01-23T12:46:51.263Z\", \"datePublished\": \"2024-01-24T17:52:22.842Z\", \"dateUpdated\": \"2025-07-30T01:37:08.171Z\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GSD-2024-23897

Vulnerability from gsd - Updated: 2024-01-24 06:02

Details

Aliases

CVE-2024-23897

JSON

To clipboard

{
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2024-23897"
      ],
      "details": "Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an \u0027@\u0027 character followed by a file path in an argument with the file\u0027s contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.",
      "id": "GSD-2024-23897",
      "modified": "2024-01-24T06:02:25.036624Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "jenkinsci-cert@googlegroups.com",
        "ID": "CVE-2024-23897",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Jenkins",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "affected",
                            "versions": [
                              {
                                "lessThan": "1.606",
                                "status": "unaffected",
                                "version": "0",
                                "versionType": "maven"
                              },
                              {
                                "lessThan": "*",
                                "status": "unaffected",
                                "version": "2.442",
                                "versionType": "maven"
                              },
                              {
                                "lessThan": "2.426.*",
                                "status": "unaffected",
                                "version": "2.426.3",
                                "versionType": "maven"
                              },
                              {
                                "lessThan": "2.440.*",
                                "status": "unaffected",
                                "version": "2.440.1",
                                "versionType": "maven"
                              }
                            ]
                          }
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Jenkins Project"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an \u0027@\u0027 character followed by a file path in an argument with the file\u0027s contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3314",
            "refsource": "MISC",
            "url": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3314"
          },
          {
            "name": "https://www.sonarsource.com/blog/excessive-expansion-uncovering-critical-security-vulnerabilities-in-jenkins/",
            "refsource": "MISC",
            "url": "https://www.sonarsource.com/blog/excessive-expansion-uncovering-critical-security-vulnerabilities-in-jenkins/"
          },
          {
            "name": "http://www.openwall.com/lists/oss-security/2024/01/24/6",
            "refsource": "MISC",
            "url": "http://www.openwall.com/lists/oss-security/2024/01/24/6"
          },
          {
            "name": "http://packetstormsecurity.com/files/176839/Jenkins-2.441-LTS-2.426.3-CVE-2024-23897-Scanner.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/176839/Jenkins-2.441-LTS-2.426.3-CVE-2024-23897-Scanner.html"
          },
          {
            "name": "http://packetstormsecurity.com/files/176840/Jenkins-2.441-LTS-2.426.3-Arbitrary-File-Read.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/176840/Jenkins-2.441-LTS-2.426.3-Arbitrary-File-Read.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*",
                    "matchCriteriaId": "669379F5-5F67-4002-AD76-F8C470C89D61",
                    "versionEndExcluding": "2.426.3",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*",
                    "matchCriteriaId": "493B263C-C8C7-4741-B7F8-B672E86CC8B4",
                    "versionEndExcluding": "2.442",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an \u0027@\u0027 character followed by a file path in an argument with the file\u0027s contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system."
          },
          {
            "lang": "es",
            "value": "Jenkins 2.441 y anteriores, LTS 2.426.2 y anteriores no desactivan una funci\u00f3n de su analizador de comandos CLI que reemplaza un car\u00e1cter \u0027@\u0027 seguido de una ruta de archivo en un argumento con el contenido del archivo, lo que permite a atacantes no autenticados leer archivos arbitrarios en el sistema de archivos del controlador Jenkins."
          }
        ],
        "id": "CVE-2024-23897",
        "lastModified": "2024-03-07T17:47:35.020",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 3.9,
              "impactScore": 5.9,
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        },
        "published": "2024-01-24T18:15:09.370",
        "references": [
          {
            "source": "jenkinsci-cert@googlegroups.com",
            "tags": [
              "Third Party Advisory",
              "VDB Entry"
            ],
            "url": "http://packetstormsecurity.com/files/176839/Jenkins-2.441-LTS-2.426.3-CVE-2024-23897-Scanner.html"
          },
          {
            "source": "jenkinsci-cert@googlegroups.com",
            "tags": [
              "Exploit",
              "Third Party Advisory",
              "VDB Entry"
            ],
            "url": "http://packetstormsecurity.com/files/176840/Jenkins-2.441-LTS-2.426.3-Arbitrary-File-Read.html"
          },
          {
            "source": "jenkinsci-cert@googlegroups.com",
            "tags": [
              "Mailing List"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/01/24/6"
          },
          {
            "source": "jenkinsci-cert@googlegroups.com",
            "tags": [
              "Vendor Advisory"
            ],
            "url": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3314"
          }
        ],
        "sourceIdentifier": "jenkinsci-cert@googlegroups.com",
        "vulnStatus": "Analyzed",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "NVD-CWE-noinfo"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ]
      }
    }
  }
}

bit-jenkins-2024-23897

Vulnerability from bitnami_vulndb

Published

2024-03-06 10:53

Modified

2025-10-22 09:08

Summary

Details

Jenkins LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Bitnami",
        "name": "jenkins",
        "purl": "pkg:bitnami/jenkins"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.452.1"
            }
          ],
          "type": "SEMVER"
        }
      ],
      "severity": [
        {
          "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "type": "CVSS_V3"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-23897"
  ],
  "database_specific": {
    "cpes": [
      "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*",
      "cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*"
    ],
    "severity": "Critical"
  },
  "details": "Jenkins LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an \u0027@\u0027 character followed by a file path in an argument with the file\u0027s contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.",
  "id": "BIT-jenkins-2024-23897",
  "modified": "2025-10-22T09:08:25.162Z",
  "published": "2024-03-06T10:53:54.098Z",
  "references": [
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/176839/Jenkins-2.441-LTS-2.426.3-CVE-2024-23897-Scanner.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/176840/Jenkins-2.441-LTS-2.426.3-Arbitrary-File-Read.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2024/01/24/6"
    },
    {
      "type": "WEB",
      "url": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3314"
    },
    {
      "type": "WEB",
      "url": "https://www.sonarsource.com/blog/excessive-expansion-uncovering-critical-security-vulnerabilities-in-jenkins/"
    },
    {
      "type": "WEB",
      "url": "https://www.vicarius.io/vsociety/posts/the-anatomy-of-a-jenkins-vulnerability-cve-2024-23897-revealed-1"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23897"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-23897"
    }
  ],
  "schema_version": "1.5.0"
}

FKIE_CVE-2024-23897

Vulnerability from fkie_nvd - Published: 2024-01-24 18:15 - Updated: 2025-10-24 14:49

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
jenkinsci-cert@googlegroups.com	http://packetstormsecurity.com/files/176839/Jenkins-2.441-LTS-2.426.3-CVE-2024-23897-Scanner.html	Third Party Advisory, VDB Entry
jenkinsci-cert@googlegroups.com	http://packetstormsecurity.com/files/176840/Jenkins-2.441-LTS-2.426.3-Arbitrary-File-Read.html	Exploit, Third Party Advisory, VDB Entry
jenkinsci-cert@googlegroups.com	http://www.openwall.com/lists/oss-security/2024/01/24/6	Mailing List
jenkinsci-cert@googlegroups.com	https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3314	Vendor Advisory
jenkinsci-cert@googlegroups.com	https://www.sonarsource.com/blog/excessive-expansion-uncovering-critical-security-vulnerabilities-in-jenkins/	Exploit, Press/Media Coverage
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/176839/Jenkins-2.441-LTS-2.426.3-CVE-2024-23897-Scanner.html	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/176840/Jenkins-2.441-LTS-2.426.3-Arbitrary-File-Read.html	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2024/01/24/6	Mailing List
af854a3a-2127-422b-91ae-364da2661108	https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3314	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.sonarsource.com/blog/excessive-expansion-uncovering-critical-security-vulnerabilities-in-jenkins/	Exploit, Press/Media Coverage
af854a3a-2127-422b-91ae-364da2661108	https://www.vicarius.io/vsociety/posts/the-anatomy-of-a-jenkins-vulnerability-cve-2024-23897-revealed-1	Exploit, Third Party Advisory
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-23897	US Government Resource

Impacted products

	Vendor	Product	Version
	jenkins	jenkins	*
	jenkins	jenkins	*

JSON

To clipboard

{
  "cisaActionDue": "2024-09-09",
  "cisaExploitAdd": "2024-08-19",
  "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
  "cisaVulnerabilityName": "Jenkins Command Line Interface (CLI) Path Traversal Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*",
              "matchCriteriaId": "669379F5-5F67-4002-AD76-F8C470C89D61",
              "versionEndExcluding": "2.426.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*",
              "matchCriteriaId": "493B263C-C8C7-4741-B7F8-B672E86CC8B4",
              "versionEndExcluding": "2.442",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an \u0027@\u0027 character followed by a file path in an argument with the file\u0027s contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system."
    },
    {
      "lang": "es",
      "value": "Jenkins 2.441 y anteriores, LTS 2.426.2 y anteriores no desactivan una funci\u00f3n de su analizador de comandos CLI que reemplaza un car\u00e1cter \u0027@\u0027 seguido de una ruta de archivo en un argumento con el contenido del archivo, lo que permite a atacantes no autenticados leer archivos arbitrarios en el sistema de archivos del controlador Jenkins."
    }
  ],
  "id": "CVE-2024-23897",
  "lastModified": "2025-10-24T14:49:09.100",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-01-24T18:15:09.370",
  "references": [
    {
      "source": "jenkinsci-cert@googlegroups.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/176839/Jenkins-2.441-LTS-2.426.3-CVE-2024-23897-Scanner.html"
    },
    {
      "source": "jenkinsci-cert@googlegroups.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/176840/Jenkins-2.441-LTS-2.426.3-Arbitrary-File-Read.html"
    },
    {
      "source": "jenkinsci-cert@googlegroups.com",
      "tags": [
        "Mailing List"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2024/01/24/6"
    },
    {
      "source": "jenkinsci-cert@googlegroups.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3314"
    },
    {
      "source": "jenkinsci-cert@googlegroups.com",
      "tags": [
        "Exploit",
        "Press/Media Coverage"
      ],
      "url": "https://www.sonarsource.com/blog/excessive-expansion-uncovering-critical-security-vulnerabilities-in-jenkins/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/176839/Jenkins-2.441-LTS-2.426.3-CVE-2024-23897-Scanner.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/176840/Jenkins-2.441-LTS-2.426.3-Arbitrary-File-Read.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2024/01/24/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3314"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Press/Media Coverage"
      ],
      "url": "https://www.sonarsource.com/blog/excessive-expansion-uncovering-critical-security-vulnerabilities-in-jenkins/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.vicarius.io/vsociety/posts/the-anatomy-of-a-jenkins-vulnerability-cve-2024-23897-revealed-1"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-23897"
    }
  ],
  "sourceIdentifier": "jenkinsci-cert@googlegroups.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-27"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

GHSA-6F9G-CXWR-Q5JR

Vulnerability from github – Published: 2024-01-24 18:31 – Updated: 2025-10-22 19:24

Summary

Arbitrary file read vulnerability through the Jenkins CLI can lead to RCE

Details

Jenkins has a built-in command line interface (CLI) to access Jenkins from a script or shell environment.

Jenkins uses the args4j library to parse command arguments and options on the Jenkins controller when processing CLI commands. This command parser has a feature that replaces an @ character followed by a file path in an argument with the file’s contents (expandAtFiles). This feature is enabled by default and Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable it.

This allows attackers to read arbitrary files on the Jenkins controller file system using the default character encoding of the Jenkins controller process.

Attackers with Overall/Read permission can read entire files.
Attackers without Overall/Read permission can read the first few lines of files. The number of lines that can be read depends on available CLI commands. As of publication of this advisory, the Jenkins security team has found ways to read the first three lines of files in recent releases of Jenkins without having any plugins installed, and has not identified any plugins that would increase this line count.

Binary files containing cryptographic keys used for various Jenkins features can also be read, with some limitations (see note on binary files below). As of publication, the Jenkins security team has confirmed the following possible attacks in addition to reading contents of all files with a known file path. All of them leverage attackers' ability to obtain cryptographic keys from binary files, and are therefore only applicable to instances where that is feasible.

Severity ?

9.8 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

9.3 (Critical)


                  
                    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 2.426.2"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "org.jenkins-ci.main:jenkins-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.606"
            },
            {
              "fixed": "2.426.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.jenkins-ci.main:jenkins-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.427"
            },
            {
              "fixed": "2.440.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.jenkins-ci.main:jenkins-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.441"
            },
            {
              "fixed": "2.442"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "2.441"
      ]
    }
  ],
  "aliases": [
    "CVE-2024-23897"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22",
      "CWE-27"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-01-26T01:56:43Z",
    "nvd_published_at": "2024-01-24T18:15:09Z",
    "severity": "CRITICAL"
  },
  "details": "Jenkins has a built-in command line interface (CLI) to access Jenkins from a script or shell environment.\n\nJenkins uses the args4j library to parse command arguments and options on the Jenkins controller when processing CLI commands. This command parser has a feature that replaces an @ character followed by a file path in an argument with the file\u2019s contents (expandAtFiles). This feature is enabled by default and Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable it.\n\nThis allows attackers to read arbitrary files on the Jenkins controller file system using the default character encoding of the Jenkins controller process.\n\n* Attackers with Overall/Read permission can read entire files.\n\n* Attackers without Overall/Read permission can read the first few lines of files. The number of lines that can be read depends on available CLI commands. As of publication of this advisory, the Jenkins security team has found ways to read the first three lines of files in recent releases of Jenkins without having any plugins installed, and has not identified any plugins that would increase this line count.\n\nBinary files containing cryptographic keys used for various Jenkins features can also be read, with some limitations (see note on binary files below). As of publication, the Jenkins security team has confirmed the following possible attacks in addition to reading contents of all files with a known file path. All of them leverage attackers\u0027 ability to obtain cryptographic keys from binary files, and are therefore only applicable to instances where that is feasible.",
  "id": "GHSA-6f9g-cxwr-q5jr",
  "modified": "2025-10-22T19:24:52Z",
  "published": "2024-01-24T18:31:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23897"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jenkinsci/jenkins/commit/554f03782057c499c49bbb06575f0d28b5200edb"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/jenkinsci/jenkins"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-23897"
    },
    {
      "type": "WEB",
      "url": "https://www.jenkins.io/changelog-stable/#v2.440.1"
    },
    {
      "type": "WEB",
      "url": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3314"
    },
    {
      "type": "WEB",
      "url": "https://www.sonarsource.com/blog/excessive-expansion-uncovering-critical-security-vulnerabilities-in-jenkins"
    },
    {
      "type": "WEB",
      "url": "https://www.vicarius.io/vsociety/posts/the-anatomy-of-a-jenkins-vulnerability-cve-2024-23897-revealed-1"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/176839/Jenkins-2.441-LTS-2.426.3-CVE-2024-23897-Scanner.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/176840/Jenkins-2.441-LTS-2.426.3-Arbitrary-File-Read.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2024/01/24/6"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Arbitrary file read vulnerability through the Jenkins CLI can lead to RCE"
}

CVE-2024-23897

Vulnerability from fstec - Published: 24.01.2024

Title

Уязвимость библиотеки args4j встроенного интерфейса командной строки (CLI) сервера автоматизации Jenkins, позволяющая нарушителю выполнить произвольный код

Description

Уязвимость библиотеки args4j встроенного интерфейса командной строки (CLI) сервера автоматизации Jenkins связана с недостаточной защитой служебных данных. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, выполнить произвольный код

Severity ?


                    
                      AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vendor

ООО «Ред Софт», CD Foundation

Software Name

РЕД ОС (запись в едином реестре российских программ №3751), Jenkins

Software Version

7.3 (РЕД ОС), от 2.0 до 2.442 (Jenkins), до LTS 2.426.3 (Jenkins)

Possible Mitigations

Установка обновлений из доверенных источников. В связи со сложившейся обстановкой и введенными санкциями против Российской Федерации рекомендуется устанавливать обновления программного обеспечения только после оценки всех сопутствующих рисков. Компенсирующие меры: - использование средств межсетевого экранирования для ограничения возможности удалённого доступа к серверу; - отключение функции синтаксического анализатора командной строки; - отключение доступа к встроенному интерфейсу командной строки (CLI). Использование рекомендаций производителя: Для Jenkins: https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3314 Для РедОС: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/

Reference

https://safe-surf.ru/upload/VULN-new/VULN.2024-01-26.1.pdf https://vuldb.com/?id.251997 http://packetstormsecurity.com/files/176839/Jenkins-2.441-LTS-2.426.3-CVE-2024-23897-Scanner.html http://packetstormsecurity.com/files/176840/Jenkins-2.441-LTS-2.426.3-Arbitrary-File-Read.html https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3314 http://repo.red-soft.ru/redos/7.3c/x86_64/updates/

CWE

CWE-200, CWE-284

JSON

To clipboard

{
  "CVSS 2.0": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
  "CVSS 3.0": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, CD Foundation",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "7.3 (\u0420\u0415\u0414 \u041e\u0421), \u043e\u0442 2.0 \u0434\u043e 2.442 (Jenkins), \u0434\u043e LTS 2.426.3 (Jenkins)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0423\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0438\u0437 \u0434\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u044b\u0445 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u043e\u0432.\n\u0412 \u0441\u0432\u044f\u0437\u0438 \u0441\u043e \u0441\u043b\u043e\u0436\u0438\u0432\u0448\u0435\u0439\u0441\u044f \u043e\u0431\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u043e\u0439 \u0438 \u0432\u0432\u0435\u0434\u0435\u043d\u043d\u044b\u043c\u0438 \u0441\u0430\u043d\u043a\u0446\u0438\u044f\u043c\u0438 \u043f\u0440\u043e\u0442\u0438\u0432 \u0420\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u043e\u0439 \u0424\u0435\u0434\u0435\u0440\u0430\u0446\u0438\u0438 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0442\u043e\u043b\u044c\u043a\u043e \u043f\u043e\u0441\u043b\u0435 \u043e\u0446\u0435\u043d\u043a\u0438 \u0432\u0441\u0435\u0445 \u0441\u043e\u043f\u0443\u0442\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0445 \u0440\u0438\u0441\u043a\u043e\u0432.\n\n\u041a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043c\u0435\u0440\u044b:\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432 \u043c\u0435\u0436\u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u044d\u043a\u0440\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0434\u043b\u044f \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0441\u0435\u0440\u0432\u0435\u0440\u0443;\n- \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0435 \u0444\u0443\u043d\u043a\u0446\u0438\u0438 \u0441\u0438\u043d\u0442\u0430\u043a\u0441\u0438\u0447\u0435\u0441\u043a\u043e\u0433\u043e \u0430\u043d\u0430\u043b\u0438\u0437\u0430\u0442\u043e\u0440\u0430 \u043a\u043e\u043c\u0430\u043d\u0434\u043d\u043e\u0439 \u0441\u0442\u0440\u043e\u043a\u0438;\n- \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0432\u0441\u0442\u0440\u043e\u0435\u043d\u043d\u043e\u043c\u0443 \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0443 \u043a\u043e\u043c\u0430\u043d\u0434\u043d\u043e\u0439 \u0441\u0442\u0440\u043e\u043a\u0438 (CLI).\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\n\u0414\u043b\u044f Jenkins:\nhttps://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3314\n\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "24.01.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "13.09.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "30.01.2024",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2024-00750",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2024-23897",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "\u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Jenkins",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 args4j \u0432\u0441\u0442\u0440\u043e\u0435\u043d\u043d\u043e\u0433\u043e \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430 \u043a\u043e\u043c\u0430\u043d\u0434\u043d\u043e\u0439 \u0441\u0442\u0440\u043e\u043a\u0438 (CLI) \u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0437\u0430\u0446\u0438\u0438 Jenkins, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0420\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u0435 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 (CWE-200), \u041d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u0434\u043e\u0441\u0442\u0443\u043f\u0430 (CWE-284)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 args4j \u0432\u0441\u0442\u0440\u043e\u0435\u043d\u043d\u043e\u0433\u043e \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430 \u043a\u043e\u043c\u0430\u043d\u0434\u043d\u043e\u0439 \u0441\u0442\u0440\u043e\u043a\u0438 (CLI) \u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0437\u0430\u0446\u0438\u0438 Jenkins \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u0437\u0430\u0449\u0438\u0442\u043e\u0439 \u0441\u043b\u0443\u0436\u0435\u0431\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0435 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://safe-surf.ru/upload/VULN-new/VULN.2024-01-26.1.pdf\nhttps://vuldb.com/?id.251997\nhttp://packetstormsecurity.com/files/176839/Jenkins-2.441-LTS-2.426.3-CVE-2024-23897-Scanner.html\nhttp://packetstormsecurity.com/files/176840/Jenkins-2.441-LTS-2.426.3-Arbitrary-File-Read.html\nhttps://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3314\nhttp://repo.red-soft.ru/redos/7.3c/x86_64/updates/",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-200, CWE-284",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,3)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,8)"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-23897 (GCVE-0-2024-23897)

GSD-2024-23897

bit-jenkins-2024-23897

Vulnerability from bitnami_vulndb

FKIE_CVE-2024-23897

GHSA-6F9G-CXWR-Q5JR

CVE-2024-23897

Tags

Sightings

Nomenclature