{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-23899", "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "state": "PUBLISHED", "assignerShortName": "jenkins", "dateReserved": "2024-01-23T12:46:51.264Z", "datePublished": "2024-01-24T17:52:24.131Z", "dateUpdated": "2025-02-13T17:39:57.007Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "shortName": "jenkins", "dateUpdated": "2024-01-24T17:55:09.022Z"}, "affected": [{"vendor": "Jenkins Project", "product": "Jenkins Git server Plugin", "versions": [{"version": "0", "versionType": "maven", "lessThanOrEqual": "99.va_0826a_b_cdfa_d", "status": "affected"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Jenkins Git server Plugin 99.va_0826a_b_cdfa_d and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing attackers with Overall/Read permission to read content from arbitrary files on the Jenkins controller file system."}], "references": [{"name": "Jenkins Security Advisory 2024-01-24", "url": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3319", "tags": ["vendor-advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/01/24/6"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:13:08.396Z"}, "title": "CVE Program Container", "references": [{"name": "Jenkins Security Advisory 2024-01-24", "url": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3319", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/01/24/6", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-01-25T15:28:24.036847Z", "id": "CVE-2024-23899", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-18T15:37:40.867Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3319", "name": "Jenkins Security Advisory 2024-01-24", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/01/24/6", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:13:08.396Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-23899", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-01-25T15:28:24.036847Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-18T15:37:35.647Z"}}], "cna": {"affected": [{"vendor": "Jenkins Project", "product": "Jenkins Git server Plugin", "versions": [{"status": "affected", "version": "0", "versionType": "maven", "lessThanOrEqual": "99.va_0826a_b_cdfa_d"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3319", "name": "Jenkins Security Advisory 2024-01-24", "tags": ["vendor-advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/01/24/6"}], "descriptions": [{"lang": "en", "value": "Jenkins Git server Plugin 99.va_0826a_b_cdfa_d and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing attackers with Overall/Read permission to read content from arbitrary files on the Jenkins controller file system."}], "providerMetadata": {"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "shortName": "jenkins", "dateUpdated": "2024-01-24T17:55:09.022Z"}}}, "cveMetadata": {"cveId": "CVE-2024-23899", "state": "PUBLISHED", "dateUpdated": "2025-02-13T17:39:57.007Z", "dateReserved": "2024-01-23T12:46:51.264Z", "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "datePublished": "2024-01-24T17:52:24.131Z", "assignerShortName": "jenkins"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jenkins:git_server:*:*:*:*:*:jenkins:*:*", "matchCriteriaId": "683B2B65-ECBB-4DE9-9680-8ECC929F74B7", "versionEndIncluding": "99.va_0826a_b_cdfa_d", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Jenkins Git server Plugin 99.va_0826a_b_cdfa_d and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing attackers with Overall/Read permission to read content from arbitrary files on the Jenkins controller file system."}, {"lang": "es", "value": "El complemento del servidor Jenkins Git 99.va_0826a_b_cdfa_d y versiones anteriores no desactiva una funci\u00f3n de su analizador de comandos que reemplaza un car\u00e1cter '@' seguido de una ruta de archivo en un argumento con el contenido del archivo, permitiendo a atacantes con permiso general/lectura leer contenido de archivos arbitrarios en el sistema de archivos del controlador Jenkins."}], "id": "CVE-2024-23899", "lastModified": "2024-11-21T08:58:40.040", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-01-24T18:15:09.467", "references": [{"source": "jenkinsci-cert@googlegroups.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2024/01/24/6"}, {"source": "jenkinsci-cert@googlegroups.com", "tags": ["Vendor Advisory"], "url": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3319"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2024/01/24/6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3319"}], "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2024:3635", "cpe": "cpe:/a:redhat:ocp_tools:4.12::el8", "package": "jenkins-0:2.440.3.1716445200-3.el8", "product_name": "OCP-Tools-4.12-RHEL-8", "release_date": "2024-06-05T00:00:00Z"}, {"advisory": "RHSA-2024:3635", "cpe": "cpe:/a:redhat:ocp_tools:4.12::el8", "package": "jenkins-2-plugins-0:4.12.1716445211-1.el8", "product_name": "OCP-Tools-4.12-RHEL-8", "release_date": "2024-06-05T00:00:00Z"}, {"advisory": "RHSA-2024:3636", "cpe": "cpe:/a:redhat:ocp_tools:4.13::el8", "package": "jenkins-0:2.440.3.1716445150-3.el8", "product_name": "OCP-Tools-4.13-RHEL-8", "release_date": "2024-06-05T00:00:00Z"}, {"advisory": "RHSA-2024:3636", "cpe": "cpe:/a:redhat:ocp_tools:4.13::el8", "package": "jenkins-2-plugins-0:4.13.1716445207-1.el8", "product_name": "OCP-Tools-4.13-RHEL-8", "release_date": "2024-06-05T00:00:00Z"}, {"advisory": "RHSA-2024:3634", "cpe": "cpe:/a:redhat:ocp_tools:4.14::el8", "package": "jenkins-0:2.440.3.1716387933-3.el8", "product_name": "OCP-Tools-4.14-RHEL-8", "release_date": "2024-06-05T00:00:00Z"}, {"advisory": "RHSA-2024:3634", "cpe": "cpe:/a:redhat:ocp_tools:4.14::el8", "package": "jenkins-2-plugins-0:4.14.1716388016-1.el8", "product_name": "OCP-Tools-4.14-RHEL-8", "release_date": "2024-06-05T00:00:00Z"}, {"advisory": "RHSA-2024:4597", "cpe": "cpe:/a:redhat:ocp_tools:4.15::el8", "package": "jenkins-0:2.440.3.1718879390-3.el8", "product_name": "OCP-Tools-4.15-RHEL-8", "release_date": "2024-07-17T00:00:00Z"}, {"advisory": "RHSA-2024:4597", "cpe": "cpe:/a:redhat:ocp_tools:4.15::el8", "package": "jenkins-2-plugins-0:4.15.1718879538-1.el8", "product_name": "OCP-Tools-4.15-RHEL-8", "release_date": "2024-07-17T00:00:00Z"}], "bugzilla": {"description": "jenkins-2-plugins: git-server plugin arbitrary file read vulnerability", "id": "2260183", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260183"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-88", "details": ["Jenkins Git server Plugin 99.va_0826a_b_cdfa_d and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing attackers with Overall/Read permission to read content from arbitrary files on the Jenkins controller file system.", "A flaw was found in the Git Server Plugin for Jenkins. This issue could allow an attacker to read the first two lines of arbitrary files on the server's file system."], "name": "CVE-2024-23899", "package_state": [{"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Will not fix", "package_name": "jenkins-2-plugins", "product_name": "Red Hat OpenShift Container Platform 3.11"}], "public_date": "2024-01-09T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-23899\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-23899\nhttp://www.openwall.com/lists/oss-security/2024/01/24/6\nhttps://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3319"], "threat_severity": "Important", "upstream_fix": "git-server 99.101.v720e86326c09"}