Jenkins Matrix Project Plugin Vulnerability Exposes Config Files to Unauthorized Changes
CVE-2024-23900
Key Information:
- Vendor: Jenkins
- CVE Published: 24 January 2024
What is CVE-2024-23900?
The Jenkins Matrix Project Plugin prior to version 822.v01b_8c85d16d2 does not properly sanitize user-defined axis names in multi-configuration projects. Attackers with Item/Configure permission can exploit this flaw to create or modify config.xml files on the Jenkins controller file system. The flaw lets content that the attackers do not directly control, and that is potentially malicious, be written into those files, which affects the integrity of the Jenkins server configuration.
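A defender-side audit for the axis-name issue described above, as an added example that is not code from this page or from the Jenkins project: it lists axis names in multi-configuration project config.xml files that fall outside a conservative allow-list. The allow-list, the function names and the sample XML are assumptions made for illustration; the `<matrix-project>`/`<axes>`/`<name>` layout is the one the plugin writes for these jobs.

```python
import re
import xml.etree.ElementTree as ET
from pathlib import Path

# Assumption: conservative allow-list for axis names; not the plugin's own rule.
SAFE_AXIS_NAME = re.compile(r"(?!\.+$)[A-Za-z0-9_.-]+")
XML_DECL = re.compile(r"^\s*<\?xml[^>]*\?>")


def flagged_axis_names(config_xml: str) -> list[str]:
    """Return axis names in a matrix-project config.xml that fail the allow-list."""
    # Drop the XML declaration so the parser's XML-version support does not matter.
    root = ET.fromstring(XML_DECL.sub("", config_xml, count=1))
    if root.tag != "matrix-project":
        return []  # not a multi-configuration project
    axes = root.find("axes")
    flagged = []
    for axis in (axes if axes is not None else ()):
        name = axis.findtext("name", default="")
        if not SAFE_AXIS_NAME.fullmatch(name):
            flagged.append(name)
    return flagged


def scan_jenkins_home(home: str) -> dict[str, list[str]]:
    """Map each matrix-project config.xml under `home` to its flagged axis names."""
    findings = {}
    for path in sorted(Path(home).rglob("config.xml")):
        try:
            names = flagged_axis_names(path.read_text(encoding="utf-8", errors="replace"))
        except ET.ParseError:
            continue  # unreadable XML is out of scope for this check
        if names:
            findings[str(path)] = names
    return findings


# Constructed sample: one ordinary axis and two names the allow-list rejects.
SAMPLE = """<?xml version='1.1' encoding='UTF-8'?>
<matrix-project plugin="matrix-project@PLACEHOLDER">
  <axes>
    <hudson.matrix.TextAxis><name>jdk</name><values><string>17</string></values></hudson.matrix.TextAxis>
    <hudson.matrix.TextAxis><name>os/arch</name><values><string>x</string></values></hudson.matrix.TextAxis>
    <hudson.matrix.TextAxis><name>build target</name><values><string>y</string></values></hudson.matrix.TextAxis>
  </axes>
</matrix-project>"""

if __name__ == "__main__":
    print(flagged_axis_names(SAMPLE))
```

Run `scan_jenkins_home` against a copy or backup of the controller's home directory; a flagged name is a prompt for review of who configured that job, not proof of tampering.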

Affected Version(s)
Jenkins Matrix Project Plugin 0 <= 822.v01b_8c85d16d2