{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-23900", "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "state": "PUBLISHED", "assignerShortName": "jenkins", "dateReserved": "2024-01-23T12:46:51.264Z", "datePublished": "2024-01-24T17:52:24.770Z", "dateUpdated": "2025-02-13T17:39:57.586Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "shortName": "jenkins", "dateUpdated": "2024-01-24T17:55:10.122Z"}, "affected": [{"vendor": "Jenkins Project", "product": "Jenkins Matrix Project Plugin", "versions": [{"version": "0", "versionType": "maven", "lessThanOrEqual": "822.v01b_8c85d16d2", "status": "affected"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Jenkins Matrix Project Plugin 822.v01b_8c85d16d2 and earlier does not sanitize user-defined axis names of multi-configuration projects, allowing attackers with Item/Configure permission to create or replace any config.xml files on the Jenkins controller file system with content not controllable by the attackers."}], "references": [{"name": "Jenkins Security Advisory 2024-01-24", "url": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3289", "tags": ["vendor-advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/01/24/6"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:13:08.294Z"}, "title": "CVE Program Container", "references": [{"name": "Jenkins Security Advisory 2024-01-24", "url": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3289", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/01/24/6", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jenkins:matrix_project:*:*:*:*:*:jenkins:*:*", "matchCriteriaId": "BABBCE8F-8671-4654-8438-34B627E3D33A", "versionEndIncluding": "822.v01b_8c85d16d2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Jenkins Matrix Project Plugin 822.v01b_8c85d16d2 and earlier does not sanitize user-defined axis names of multi-configuration projects, allowing attackers with Item/Configure permission to create or replace any config.xml files on the Jenkins controller file system with content not controllable by the attackers."}, {"lang": "es", "value": "El complemento Jenkins Matrix Project 822.v01b_8c85d16d2 y versiones anteriores no sanitiza los nombres de eje definidos por el usuario de proyectos de configuraci\u00f3n m\u00faltiple, lo que permite a los atacantes con permiso Elemento/Configurar crear o reemplazar cualquier archivo config.xml en el sistema de archivos del controlador Jenkins con contenido no controlable por los atacantes."}], "id": "CVE-2024-23900", "lastModified": "2024-11-21T08:58:40.163", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-01-24T18:15:09.523", "references": [{"source": "jenkinsci-cert@googlegroups.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2024/01/24/6"}, {"source": "jenkinsci-cert@googlegroups.com", "tags": ["Vendor Advisory"], "url": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3289"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2024/01/24/6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3289"}], "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2024:3635", "cpe": "cpe:/a:redhat:ocp_tools:4.12::el8", "package": "jenkins-0:2.440.3.1716445200-3.el8", "product_name": "OCP-Tools-4.12-RHEL-8", "release_date": "2024-06-05T00:00:00Z"}, {"advisory": "RHSA-2024:3635", "cpe": "cpe:/a:redhat:ocp_tools:4.12::el8", "package": "jenkins-2-plugins-0:4.12.1716445211-1.el8", "product_name": "OCP-Tools-4.12-RHEL-8", "release_date": "2024-06-05T00:00:00Z"}, {"advisory": "RHSA-2024:3636", "cpe": "cpe:/a:redhat:ocp_tools:4.13::el8", "package": "jenkins-0:2.440.3.1716445150-3.el8", "product_name": "OCP-Tools-4.13-RHEL-8", "release_date": "2024-06-05T00:00:00Z"}, {"advisory": "RHSA-2024:3636", "cpe": "cpe:/a:redhat:ocp_tools:4.13::el8", "package": "jenkins-2-plugins-0:4.13.1716445207-1.el8", "product_name": "OCP-Tools-4.13-RHEL-8", "release_date": "2024-06-05T00:00:00Z"}, {"advisory": "RHSA-2024:3634", "cpe": "cpe:/a:redhat:ocp_tools:4.14::el8", "package": "jenkins-0:2.440.3.1716387933-3.el8", "product_name": "OCP-Tools-4.14-RHEL-8", "release_date": "2024-06-05T00:00:00Z"}, {"advisory": "RHSA-2024:3634", "cpe": "cpe:/a:redhat:ocp_tools:4.14::el8", "package": "jenkins-2-plugins-0:4.14.1716388016-1.el8", "product_name": "OCP-Tools-4.14-RHEL-8", "release_date": "2024-06-05T00:00:00Z"}, {"advisory": "RHSA-2024:4597", "cpe": "cpe:/a:redhat:ocp_tools:4.15::el8", "package": "jenkins-0:2.440.3.1718879390-3.el8", "product_name": "OCP-Tools-4.15-RHEL-8", "release_date": "2024-07-17T00:00:00Z"}, {"advisory": "RHSA-2024:4597", "cpe": "cpe:/a:redhat:ocp_tools:4.15::el8", "package": "jenkins-2-plugins-0:4.15.1718879538-1.el8", "product_name": "OCP-Tools-4.15-RHEL-8", "release_date": "2024-07-17T00:00:00Z"}], "bugzilla": {"description": "jenkins-2-plugins: matrix-project plugin path traversal vulnerability", "id": "2260184", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260184"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.6", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "status": "verified"}, "cwe": "CWE-23", "details": ["Jenkins Matrix Project Plugin 822.v01b_8c85d16d2 and earlier does not sanitize user-defined axis names of multi-configuration projects, allowing attackers with Item/Configure permission to create or replace any config.xml files on the Jenkins controller file system with content not controllable by the attackers.", "A flaw was found in The Matrix Project Plugin for Jenkins, which does not sanitize user-defined axis names of multi-configuration projects submitted through the config.xml REST API endpoint. This issue may allow attackers with Item/Configure permission to create or replace any config.xml file on the Jenkins controller file system with content not controllable by the attackers."], "name": "CVE-2024-23900", "package_state": [{"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Out of support scope", "package_name": "jenkins", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Out of support scope", "package_name": "jenkins-2-plugins", "product_name": "Red Hat OpenShift Container Platform 3.11"}], "public_date": "2024-01-09T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-23900\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-23900\nhttp://www.openwall.com/lists/oss-security/2024/01/24/6\nhttps://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3289"], "threat_severity": "Moderate"}