Filesystem Parameter Exposure in Jenkins Filesystem List Parameter Plugin
CVE-2024-54004

Currently unrated

Key Information:

Vendor: Jenkins
Vendor: CVE Published:; 27 November 2024

Summary

The Filesystem List Parameter Plugin for Jenkins fails to properly restrict access to the filesystem objects, allowing users with Item/Configure permissions to list file names from the Jenkins controller's filesystem. This vulnerability could potentially expose sensitive information stored in the file system, leading to security risks and data integrity issues. Proper permissions controls are essential for maintaining the security of the Jenkins environment, and it is crucial for users to update to the latest plugin versions to mitigate this risk.

References

https://www.jenkins.io/security/advisory/2024-11-27/#SECU...

Timeline

Vulnerability published
Nov 27, 2024

Collectors

NVD Database