CVE-2024-23900

jenkins-2-plugins: matrix-project plugin path traversal vulnerability

Severity Score

4.3

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Jenkins Matrix Project Plugin 822.v01b_8c85d16d2 and earlier does not sanitize user-defined axis names of multi-configuration projects, allowing attackers with Item/Configure permission to create or replace any config.xml files on the Jenkins controller file system with content not controllable by the attackers.

El complemento Jenkins Matrix Project 822.v01b_8c85d16d2 y versiones anteriores no sanitiza los nombres de eje definidos por el usuario de proyectos de configuración múltiple, lo que permite a los atacantes con permiso Elemento/Configurar crear o reemplazar cualquier archivo config.xml en el sistema de archivos del controlador Jenkins con contenido no controlable por los atacantes.

A flaw was found in The Matrix Project Plugin for Jenkins, which does not sanitize user-defined axis names of multi-configuration projects submitted through the config.xml REST API endpoint. This issue may allow attackers with Item/Configure permission to create or replace any config.xml file on the Jenkins controller file system with content not controllable by the attackers.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

Low

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2024-01-23 CVE Reserved
2024-01-24 CVE Published
2024-02-01 EPSS Updated
2024-08-01 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-23: Relative Path Traversal

CAPEC

References (4)

URL	Tag	Source
http://www.openwall.com/lists/oss-security/2024/01/24/6	Mailing List

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3289	2024-01-31
https://access.redhat.com/security/cve/CVE-2024-23900	2024-07-17
https://bugzilla.redhat.com/show_bug.cgi?id=2260184	2024-07-17

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Jenkins Search vendor "Jenkins"		Matrix Project Search vendor "Jenkins" for product "Matrix Project"				<= 822.v01b_8c85d16d2 Search vendor "Jenkins" for product "Matrix Project" and version " <= 822.v01b_8c85d16d2"		jenkins		Affected