CVE-2024-23898
CVSS v3.1
8.8 (High)
EPSS
0.07 % (32th)
Affected Products
1
Advisories
3
NVD Status
Modified
Jenkins 2.217 through 2.441 (both inclusive), LTS 2.222.1 through 2.426.2 (both inclusive) does not perform origin validation of requests made through the CLI WebSocket endpoint, resulting in a cross-site WebSocket hijacking (CSWSH) vulnerability, allowing attackers to execute CLI commands on the Jenkins controller.
Weaknesses
- CWE-346
- Origin Validation Error
- CVE Status
- PUBLISHED
- NVD Status
- Modified
- CNA
- Jenkins Project
- Published Date
-
2024-01-24 18:15:09
(7 months ago) - Updated Date
-
2024-05-14 15:01:24
(4 months ago)
Affected Products
Loading...
Loading...
Loading...
Configuration #1
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...