CVE-2024-23900: Path Traversal
First published: Wed Jan 24 2024(Updated: )
Jenkins Matrix Project Plugin 822.v01b_8c85d16d2 and earlier does not sanitize user-defined axis names of multi-configuration projects submitted through the `config.xml` REST API endpoint. This allows attackers with Item/Configure permission to create or replace any `config.xml` file on the Jenkins controller file system with content not controllable by the attackers. Matrix Project Plugin 822.824.v14451b_c0fd42 sanitizes user-defined axis names of Multi-configuration project.
Credit: jenkinsci-cert@googlegroups.com jenkinsci-cert@googlegroups.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| maven/org.jenkins-ci.plugins:matrix-project | <822.824.v14451b | 822.824.v14451b |
| Jenkins Matrix Project Jenkins | <=822.v01b_8c85d16d2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3289
- http://www.openwall.com/lists/oss-security/2024/01/24/6
- https://nvd.nist.gov/vuln/detail/CVE-2024-23900
- https://github.com/jenkinsci/matrix-project-plugin/commit/f7a5b24905f69896234da34250171c1be80cddb4
- https://github.com/advisories/GHSA-cjgm-9vc9-56mx (Advisory)
- agent/type
- agent/first-publish-date
- agent/references
- agent/weakness
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/softwarecombine
- agent/tags
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-cjgm-9vc9-56mx
- alias/CVE-2024-23900
- agent/software-canonical-lookup
- agent/severity
- agent/last-modified-date
- agent/description
- agent/event
- collector/github-advisory
- collector/epss-latest
- source/FIRST
- agent/epss
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-api
- package-manager/maven
- vendor/jenkins
- canonical/jenkins matrix project jenkins
- version/jenkins matrix project jenkins/822.v01b_8c85d16d2