CVE-2024-23897
Vulnerability from cvelistv5
Published
2024-01-24 17:52
Modified
2024-08-19 16:20
Severity ?
Summary
Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.
Impacted products
Jenkins ProjectJenkins
CISA Known exploited vulnerability
Data from the Known Exploited Vulnerabilities Catalog

Date added: 2024-08-19

Due date: 2024-09-09

Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Used in ransomware: Known

Notes: https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3314; https://nvd.nist.gov/vuln/detail/CVE-2024-23897

Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-19T07:48:11.721Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Jenkins Security Advisory 2024-01-24",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3314"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.sonarsource.com/blog/excessive-expansion-uncovering-critical-security-vulnerabilities-in-jenkins/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/01/24/6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/176839/Jenkins-2.441-LTS-2.426.3-CVE-2024-23897-Scanner.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/176840/Jenkins-2.441-LTS-2.426.3-Arbitrary-File-Read.html"
          },
          {
            "url": "https://www.vicarius.io/vsociety/posts/the-anatomy-of-a-jenkins-vulnerability-cve-2024-23897-revealed-1"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "affected",
            "product": "jenkins",
            "vendor": "jenkins",
            "versions": [
              {
                "lessThan": "1.606",
                "status": "unaffected",
                "version": "0",
                "versionType": "maven"
              },
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "2.442",
                "versionType": "maven"
              },
              {
                "lessThan": "2.427",
                "status": "unaffected",
                "version": "2.426.3",
                "versionType": "maven"
              },
              {
                "lessThan": "2.441",
                "status": "unaffected",
                "version": "2.440.1",
                "versionType": "maven"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-23897",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "Yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-19T15:35:31.038735Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2024-08-19",
                "reference": "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-27",
                "description": "CWE-27 Path Traversal: \u0027dir/../../filename\u0027",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-19T16:20:22.425Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "timeline": [
          {
            "lang": "en",
            "time": "2024-08-19T00:00:00+00:00",
            "value": "CVE-2024-23897 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Jenkins",
          "vendor": "Jenkins Project",
          "versions": [
            {
              "lessThan": "1.606",
              "status": "unaffected",
              "version": "0",
              "versionType": "maven"
            },
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "2.442",
              "versionType": "maven"
            },
            {
              "lessThan": "2.426.*",
              "status": "unaffected",
              "version": "2.426.3",
              "versionType": "maven"
            },
            {
              "lessThan": "2.440.*",
              "status": "unaffected",
              "version": "2.440.1",
              "versionType": "maven"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an \u0027@\u0027 character followed by a file path in an argument with the file\u0027s contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-15T15:06:41.647Z",
        "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
        "shortName": "jenkins"
      },
      "references": [
        {
          "name": "Jenkins Security Advisory 2024-01-24",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3314"
        },
        {
          "url": "https://www.sonarsource.com/blog/excessive-expansion-uncovering-critical-security-vulnerabilities-in-jenkins/"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2024/01/24/6"
        },
        {
          "url": "http://packetstormsecurity.com/files/176839/Jenkins-2.441-LTS-2.426.3-CVE-2024-23897-Scanner.html"
        },
        {
          "url": "http://packetstormsecurity.com/files/176840/Jenkins-2.441-LTS-2.426.3-Arbitrary-File-Read.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
    "assignerShortName": "jenkins",
    "cveId": "CVE-2024-23897",
    "datePublished": "2024-01-24T17:52:22.842Z",
    "dateReserved": "2024-01-23T12:46:51.263Z",
    "dateUpdated": "2024-08-19T16:20:22.425Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2024-23897",
      "cwes": "[\"CWE-27\"]",
      "dateAdded": "2024-08-19",
      "dueDate": "2024-09-09",
      "knownRansomwareCampaignUse": "Known",
      "notes": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3314; https://nvd.nist.gov/vuln/detail/CVE-2024-23897",
      "product": "Jenkins Command Line Interface (CLI)",
      "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
      "shortDescription": "Jenkins Command Line Interface (CLI) contains a path traversal vulnerability that allows attackers limited read access to certain files, which can lead to code execution.",
      "vendorProject": "Jenkins",
      "vulnerabilityName": "Jenkins Command Line Interface (CLI) Path Traversal Vulnerability"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-23897\",\"sourceIdentifier\":\"jenkinsci-cert@googlegroups.com\",\"published\":\"2024-01-24T18:15:09.370\",\"lastModified\":\"2024-08-20T13:34:22.773\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"cisaExploitAdd\":\"2024-08-19\",\"cisaActionDue\":\"2024-09-09\",\"cisaRequiredAction\":\"Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.\",\"cisaVulnerabilityName\":\"Jenkins Command Line Interface (CLI) Path Traversal Vulnerability\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an \u0027@\u0027 character followed by a file path in an argument with the file\u0027s contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.\"},{\"lang\":\"es\",\"value\":\"Jenkins 2.441 y anteriores, LTS 2.426.2 y anteriores no desactivan una funci\u00f3n de su analizador de comandos CLI que reemplaza un car\u00e1cter \u0027@\u0027 seguido de una ruta de archivo en un argumento con el contenido del archivo, lo que permite a atacantes no autenticados leer archivos arbitrarios en el sistema de archivos del controlador Jenkins.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-27\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*\",\"versionEndExcluding\":\"2.426.3\",\"matchCriteriaId\":\"669379F5-5F67-4002-AD76-F8C470C89D61\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*\",\"versionEndExcluding\":\"2.442\",\"matchCriteriaId\":\"493B263C-C8C7-4741-B7F8-B672E86CC8B4\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/176839/Jenkins-2.441-LTS-2.426.3-CVE-2024-23897-Scanner.html\",\"source\":\"jenkinsci-cert@googlegroups.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://packetstormsecurity.com/files/176840/Jenkins-2.441-LTS-2.426.3-Arbitrary-File-Read.html\",\"source\":\"jenkinsci-cert@googlegroups.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/01/24/6\",\"source\":\"jenkinsci-cert@googlegroups.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3314\",\"source\":\"jenkinsci-cert@googlegroups.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.sonarsource.com/blog/excessive-expansion-uncovering-critical-security-vulnerabilities-in-jenkins/\",\"source\":\"jenkinsci-cert@googlegroups.com\",\"tags\":[\"Exploit\",\"Press/Media Coverage\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.