CVSS: 10.0EPSS: 97%CPEs: 2EXPL: 45CVE-2024-23897 – Jenkins Command Line Interface (CLI) Path Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2024-23897
24 Jan 2024 — Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system. Jenkins 2.441 y anteriores, LTS 2.426.2 y anteriores no desactivan una función de su analizador de comandos CLI que reemplaza un carácter '@' seguido de una ruta de archivo en un argumento con el contenido del arch... • https://packetstorm.news/files/id/178047 • CWE-27: Path Traversal: 'dir/../../filename' CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 1CVE-2023-36478 – HTTP/2 HPACK integer overflow and buffer allocation
https://notcve.org/view.php?id=CVE-2023-36478
10 Oct 2023 — Eclipse Jetty provides a web server and servlet container. In versions 11.0.0 through 11.0.15, 10.0.0 through 10.0.15, and 9.0.0 through 9.4.52, an integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. `MetaDataBuilder.java` determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded. However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and lengt... • http://www.openwall.com/lists/oss-security/2023/10/18/4 • CWE-190: Integer Overflow or Wraparound CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 80%CPEs: 444EXPL: 15CVE-2023-44487 – HTTP/2 Rapid Reset Attack Vulnerability
https://notcve.org/view.php?id=CVE-2023-44487
10 Oct 2023 — The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. El protocolo HTTP/2 permite una denegación de servicio (consumo de recursos del servidor) porque la cancelación de solicitudes puede restablecer muchas transmisiones rápidamente, como se explotó en la naturaleza entre agosto y octubre de 2023. A flaw was found in handling multiplexed streams in the HTTP/2 protocol. ... • https://github.com/imabee101/CVE-2023-44487 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-43498
https://notcve.org/view.php?id=CVE-2023-43498
20 Sep 2023 — In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file uploads using MultipartFormDataParser creates temporary files in the default system temporary directory with the default permissions for newly created files, potentially allowing attackers with access to the Jenkins controller file system to read and write the files before they are used. En Jenkins versión 2.423 y anteriores, LTS versión 2.414.1 y anteriores, el procesamiento de cargas de archivos utilizando MultipartFormDataParser crea ... • http://www.openwall.com/lists/oss-security/2023/09/20/5 • CWE-377: Insecure Temporary File •
CVSS: 8.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-43497
https://notcve.org/view.php?id=CVE-2023-43497
20 Sep 2023 — In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file uploads using the Stapler web framework creates temporary files in the default system temporary directory with the default permissions for newly created files, potentially allowing attackers with access to the Jenkins controller file system to read and write the files before they are used. En Jenkins 2.423 y versiones anteriores, LTS 2.414.1 y anteriores, el procesamiento de cargas de archivos utilizando el framework web Stapler crea arc... • http://www.openwall.com/lists/oss-security/2023/09/20/5 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-43496
https://notcve.org/view.php?id=CVE-2023-43496
20 Sep 2023 — Jenkins 2.423 and earlier, LTS 2.414.1 and earlier creates a temporary file in the system temporary directory with the default permissions for newly created files when installing a plugin from a URL, potentially allowing attackers with access to the system temporary directory to replace the file before it is installed in Jenkins, potentially resulting in arbitrary code execution. Jenkins 2.423 y anteriores, LTS 2.414.1 y anteriores crean un archivo temporal en el directorio temporal del sistema con los perm... • http://www.openwall.com/lists/oss-security/2023/09/20/5 • CWE-276: Incorrect Default Permissions •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-43495
https://notcve.org/view.php?id=CVE-2023-43495
20 Sep 2023 — Jenkins 2.423 and earlier, LTS 2.414.1 and earlier does not escape the value of the 'caption' constructor parameter of 'ExpandableDetailsNote', resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control this parameter. Jenkins 2.423 y anteriores, LTS 2.414.1 y anteriores no escapan al valor del parámetro constructor 'caption' de 'ExpandableDetailsNote', lo que genera una vulnerabilidad de Store Cross-Site Scripting (XSS) que pueden explotar los atacantes capaces ... • http://www.openwall.com/lists/oss-security/2023/09/20/5 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-39151
https://notcve.org/view.php?id=CVE-2023-39151
26 Jul 2023 — Jenkins 2.415 and earlier, LTS 2.401.2 and earlier does not sanitize or properly encode URLs in build logs when transforming them into hyperlinks, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control build log contents. • http://www.openwall.com/lists/oss-security/2023/07/26/2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-35141
https://notcve.org/view.php?id=CVE-2023-35141
14 Jun 2023 — In Jenkins 2.399 and earlier, LTS 2.387.3 and earlier, POST requests are sent in order to load the list of context actions. If part of the URL includes insufficiently escaped user-provided values, a victim may be tricked into sending a POST request to an unexpected endpoint by opening a context menu. • http://www.openwall.com/lists/oss-security/2023/06/14/5 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2023-27904 – Jenkins: Information disclosure through error stack traces related to agents
https://notcve.org/view.php?id=CVE-2023-27904
08 Mar 2023 — Jenkins 2.393 and earlier, LTS 2.375.3 and earlier prints an error stack trace on agent-related pages when agent connections are broken, potentially revealing information about Jenkins configuration that is otherwise inaccessible to attackers. A flaw was found in Jenkins. The affected version of Jenkins prints an error stack trace on agent-related pages when agent connections are broken. This stack trace may contain information about Jenkins configuration that is otherwise inaccessible to attackers. Multicl... • https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2120 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •