Security Advisories

CGA-xvxf-jmfg-g4mx

Published

Last updated

https://images.chainguard.dev/security/CGA-xvxf-jmfg-g4mx
Package

jenkins

Latest Update
Fixed
Fixed Version

2.443-r0

Aliases
  • CVE-2024-23900
  • GHSA-cjgm-9vc9-56mx

Severity

4.6

Medium

CVSS V3

Summary

Path traversal vulnerability in Jenkins Matrix Project Plugin

Description

Jenkins Matrix Project Plugin 822.v01b_8c85d16d2 and earlier does not sanitize user-defined axis names of multi-configuration projects submitted through the config.xml REST API endpoint.

This allows attackers with Item/Configure permission to create or replace any config.xml file on the Jenkins controller file system with content not controllable by the attackers.

Matrix Project Plugin 822.824.v14451b_c0fd42 sanitizes user-defined axis names of multi-configuration projects.
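
An added example, not part of the advisory or of the plugin's code: a small audit that lists the axis names in a multi-configuration project's config.xml and flags any that look like a path. The flagging rule (path separators, ".." or control characters) and the sample document are assumptions constructed for illustration; the advisory does not state what the fixed plugin accepts.

```python
import re
import xml.etree.ElementTree as ET

# Assumption (not from the advisory): a name is suspicious if it contains a
# path separator, a ".." sequence, or a control character.
SUSPICIOUS = re.compile(r"[/\\\x00-\x1f]|\.\.")

# Jenkins commonly writes an XML 1.1 declaration, which Python's expat-based
# parser rejects, so the declaration is dropped before parsing.
XML_DECL = re.compile(r"^\s*<\?xml[^>]*\?>")


def suspicious_axis_names(config_xml: str) -> list[tuple[str, str]]:
    """Return (axis_element, name) for every axis whose name looks like a path."""
    root = ET.fromstring(XML_DECL.sub("", config_xml, count=1))
    findings = []
    for axes in root.iter("axes"):
        for axis in axes:  # e.g. hudson.matrix.TextAxis, hudson.matrix.LabelAxis
            name = axis.findtext("name") or ""
            if SUSPICIOUS.search(name):
                findings.append((axis.tag, name))
    return findings


# Constructed sample: one ordinary axis and one whose name contains "../".
SAMPLE = """<?xml version='1.1' encoding='UTF-8'?>
<matrix-project>
  <axes>
    <hudson.matrix.TextAxis>
      <name>os</name>
      <values><string>linux</string><string>windows</string></values>
    </hudson.matrix.TextAxis>
    <hudson.matrix.TextAxis>
      <name>../sibling</name>
      <values><string>x</string></values>
    </hudson.matrix.TextAxis>
  </axes>
</matrix-project>"""

if __name__ == "__main__":
    for tag, name in suspicious_axis_names(SAMPLE):
        print(f"suspicious axis name {name!r} in <{tag}>")
```

Run it over each job's config.xml on the controller, or over a submitted document before it is accepted; a finding on a controller running Matrix Project Plugin 822.v01b_8c85d16d2 or earlier warrants a review of who holds Item/Configure on that job.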

References

Updates

