CVE-2024-23900: Path Traversal
First published: Wed Jan 24 2024(Updated: )
Jenkins Matrix Project Plugin 822.v01b_8c85d16d2 and earlier does not sanitize user-defined axis names of multi-configuration projects submitted through the `config.xml` REST API endpoint. This allows attackers with Item/Configure permission to create or replace any `config.xml` file on the Jenkins controller file system with content not controllable by the attackers. Matrix Project Plugin 822.824.v14451b_c0fd42 sanitizes user-defined axis names of Multi-configuration project.
Credit: jenkinsci-cert@googlegroups.com jenkinsci-cert@googlegroups.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| maven/org.jenkins-ci.plugins:matrix-project | <822.824.v14451b | 822.824.v14451b |
| redhat/matrix-project | <822.824. | 822.824. |
| Jenkins Matrix Project | <=822.v01b_8c85d16d2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3289
- http://www.openwall.com/lists/oss-security/2024/01/24/6
- https://nvd.nist.gov/vuln/detail/CVE-2024-23900
- https://github.com/jenkinsci/matrix-project-plugin/commit/f7a5b24905f69896234da34250171c1be80cddb4
- https://github.com/advisories/GHSA-cjgm-9vc9-56mx (Advisory)
- https://access.redhat.com/errata/RHSA-2024:3636
- https://access.redhat.com/errata/RHSA-2024:3634
- https://access.redhat.com/errata/RHSA-2024:3635
- https://access.redhat.com/errata/RHSA-2024:4597
- https://bugzilla.redhat.com/show_bug.cgi?id=2260184
Frequently Asked Questions
What is the severity of CVE-2024-23900?
CVE-2024-23900 has been classified with a high severity level due to its potential to allow unauthorized access to modify Jenkins configuration.
How do I fix CVE-2024-23900?
To fix CVE-2024-23900, upgrade the Jenkins Matrix Project Plugin to version 822.824.v14451b or later.
What versions are affected by CVE-2024-23900?
CVE-2024-23900 affects Jenkins Matrix Project Plugin versions up to 822.v01b_8c85d16d2.
Who is impacted by CVE-2024-23900?
Users or systems running vulnerable versions of the Jenkins Matrix Project Plugin with Item/Configure permission are at risk due to CVE-2024-23900.
Can CVE-2024-23900 be exploited remotely?
Yes, CVE-2024-23900 can potentially be exploited remotely if an attacker has the requisite permissions in Jenkins.
- agent/type
- agent/first-publish-date
- agent/weakness
- agent/author
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-cjgm-9vc9-56mx
- alias/CVE-2024-23900
- agent/software-canonical-lookup
- agent/event
- collector/github-advisory
- collector/epss-latest
- source/FIRST
- agent/epss
- agent/severity
- agent/description
- agent/softwarecombine
- agent/references
- collector/mitre-cve
- source/MITRE
- collector/redhat-bugzilla
- source/Red Hat
- agent/last-modified-date
- agent/trending
- agent/source
- agent/tags
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-api
- package-manager/maven
- package-manager/redhat
- vendor/jenkins
- canonical/jenkins matrix project
- version/jenkins matrix project/822.v01b_8c85d16d2