{"vulnerability": "cve-2024-2390", "sightings": [{"uuid": "214ac5da-5371-4f8d-8c7e-3a955fdb4019", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23905", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/19048", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-23905\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Jenkins Red Hat Dependency Analytics Plugin 0.7.1 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download.\n\ud83d\udccf Published: 2024-01-24T17:52:27.960Z\n\ud83d\udccf Modified: 2025-06-20T19:33:21.796Z\n\ud83d\udd17 References:\n1. https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3322\n2. http://www.openwall.com/lists/oss-security/2024/01/24/6", "creation_timestamp": "2025-06-20T19:43:32.000000Z"}, {"uuid": "a61ef92a-39cd-45f6-bfe8-ce72d097bafa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23904", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/19052", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-23904\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Jenkins Log Command Plugin 1.0.2 and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read content from arbitrary files on the Jenkins controller file system.\n\ud83d\udccf Published: 2024-01-24T17:52:27.324Z\n\ud83d\udccf Modified: 2025-06-20T19:30:22.525Z\n\ud83d\udd17 References:\n1. https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3334\n2. http://www.openwall.com/lists/oss-security/2024/01/24/6", "creation_timestamp": "2025-06-20T19:43:36.000000Z"}, {"uuid": "6dafe5c0-2f06-4c54-9fa9-f0ef6fa49275", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23906", "type": "seen", "source": "https://t.me/cvedetector/5329", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-23906 - Controller 6000 and 7000 Cross-Site Scripting (CWE-79)\", \n  \"Content\": \"CVE ID : CVE-2024-23906 \nPublished : Sept. 11, 2024, 4:15 a.m. | 43\u00a0minutes ago \nDescription : Improper Neutralization of Input During Web Page Generation (CWE-79) in the Controller 6000 and Controller 7000 diagnostic webpage allows an attacker to modify Controller configuration during an authenticated Operator's session.  \n  \n   \n  \n  \n  \nThis issue affects: Controller 6000 and Controller 7000 9.10 prior to vCR9.10.240816a (distributed in 9.10.1530 (MR2)), 9.00 prior to vCR9.00.240816a (distributed in 9.00.2168 (MR4)), 8.90 prior to vCR8.90.240816a (distributed in 8.90.2155 (MR5)), 8.80 prior to vCR8.80.240816b (distributed in 8.80.1938 (MR6)), all versions of 8.70 and prior. \nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-11T06:58:45.000000Z"}, {"uuid": "fb87c29d-ac82-4c52-ad15-c1aace2ce5d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23904", "type": "seen", "source": "https://t.me/arpsyndicate/3288", "content": "#ExploitObserverAlert\n\nCVE-2024-23904\n\nDESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to CVE-2024-23904. Jenkins Log Command Plugin 1.0.2 and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read content from arbitrary files on the Jenkins controller file system.", "creation_timestamp": "2024-01-28T12:25:22.000000Z"}, {"uuid": "634d0d3e-8d33-4b0f-ab53-0409a6682822", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2390", "type": "seen", "source": "https://t.me/ctinow/210782", "content": "https://ift.tt/EsoiKxm\nCVE-2024-2390", "creation_timestamp": "2024-03-18T17:32:16.000000Z"}, {"uuid": "190a729f-9365-4ad2-9d1d-84a9115d633d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2390", "type": "seen", "source": "https://t.me/ctinow/210768", "content": "https://ift.tt/EsoiKxm\nCVE-2024-2390", "creation_timestamp": "2024-03-18T17:27:11.000000Z"}, {"uuid": "4a79f8c4-31ab-4989-a427-3b7ab683409d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23904", "type": "seen", "source": "https://t.me/ctinow/187205", "content": "https://ift.tt/KAu7aHB\nCVE-2024-23904 | Log Command Plugin up to 1.0.2 on Jenkins args4j command path traversal", "creation_timestamp": "2024-02-18T10:48:44.000000Z"}, {"uuid": "6026fb9c-c7cd-4f84-ae85-f44a7a2f61d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23905", "type": "seen", "source": "https://t.me/ctinow/187201", "content": "https://ift.tt/1eZd4iS\nCVE-2024-23905 | Red Hat Dependency Analytics Plugin up to 0.7.1 on Jenkins improper restriction of rendered ui layers", "creation_timestamp": "2024-02-18T10:12:27.000000Z"}, {"uuid": "1cfc673d-98e2-473c-bc02-4bc3456663b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23903", "type": "seen", "source": "https://t.me/ctinow/187200", "content": "https://ift.tt/38qOpXo\nCVE-2024-23903 | GitLab Branch Source Plugin up to 684.vea_fa_7c1e2fe3 on Jenkins Webhook Token comparison", "creation_timestamp": "2024-02-18T10:12:26.000000Z"}, {"uuid": "f7af53c6-313d-4158-93fa-1a46152c702b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23902", "type": "seen", "source": "https://t.me/ctinow/187199", "content": "https://ift.tt/qlDOIZG\nCVE-2024-23902 | GitLab Branch Source Plugin up to 684.vea_fa_7c1e2fe3 on Jenkins POST Request cross-site request forgery", "creation_timestamp": "2024-02-18T10:12:25.000000Z"}, {"uuid": "0462d6ca-02eb-4c4a-9b02-e26cadb60c06", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23901", "type": "seen", "source": "https://t.me/ctinow/187198", "content": "https://ift.tt/S9VBR1F\nCVE-2024-23901 | GitLab Branch Source Plugin up to 684.vea_fa_7c1e2fe3 on Jenkins Project Sharing access control", "creation_timestamp": "2024-02-18T09:36:16.000000Z"}, {"uuid": "38a9af03-6d64-4dd9-bf97-c0ac02f4a67b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23900", "type": "seen", "source": "https://t.me/ctinow/187197", "content": "https://ift.tt/A03cQie\nCVE-2024-23900 | Matrix Project Plugin up to 822.v01b_8c85d16d2 on Jenkins REST API path traversal", "creation_timestamp": "2024-02-18T09:36:15.000000Z"}, {"uuid": "addeaa0c-53a2-4e0a-b64f-f926d8a8c305", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23905", "type": "seen", "source": "https://t.me/ctinow/173038", "content": "https://ift.tt/nD9gAfQ\nCVE-2024-23905", "creation_timestamp": "2024-01-24T19:27:11.000000Z"}, {"uuid": "387dec31-ad02-4ebc-ba49-116a091a217d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23904", "type": "seen", "source": "https://t.me/ctinow/173037", "content": "https://ift.tt/QI3TKwk\nCVE-2024-23904", "creation_timestamp": "2024-01-24T19:27:10.000000Z"}, {"uuid": "f9d588e2-3492-421a-9220-a077452529f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23903", "type": "seen", "source": "https://t.me/ctinow/173036", "content": "https://ift.tt/FqtfbXV\nCVE-2024-23903", "creation_timestamp": "2024-01-24T19:27:09.000000Z"}, {"uuid": "effe20e3-1c78-4282-9bc5-77a491489c7c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23902", "type": "seen", "source": "https://t.me/ctinow/173035", "content": "https://ift.tt/HOdATP1\nCVE-2024-23902", "creation_timestamp": "2024-01-24T19:27:08.000000Z"}, {"uuid": "c9d8cee5-d760-4079-9629-0a1293279d07", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23901", "type": "seen", "source": "https://t.me/ctinow/173034", "content": "https://ift.tt/vbKAkLs\nCVE-2024-23901", "creation_timestamp": "2024-01-24T19:27:07.000000Z"}, {"uuid": "2ad93dfd-4d4c-4802-a868-dffdae7af881", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23900", "type": "seen", "source": "https://t.me/ctinow/173033", "content": "https://ift.tt/PAdrWCU\nCVE-2024-23900", "creation_timestamp": "2024-01-24T19:27:05.000000Z"}]}