CVE-2024-23904
CVSS v3.1
7.5 (High)
EPSS
0.09 % (40th)
Affected Products
1
Advisories
2
Jenkins Log Command Plugin 1.0.2 and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read content from arbitrary files on the Jenkins controller file system.
Weaknesses
- CVE Status
- PUBLISHED
- CNA
- Jenkins Project
- Published Date
-
2024-01-24 18:15:09
(7 months ago) - Updated Date
-
2024-01-29 19:26:29
(7 months ago)
Affected Products
Loading...
Loading...
Configuration #1
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...