Description
Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.
References
- Third Party Advisory / VDB Entry
- Exploit / Third Party Advisory / VDB Entry
- Mailing List
- Vendor Advisory
- Exploit / Press/Media Coverage
- Exploit / Third Party Advisory
Vulnerable configurations
One of
EPSS
CVSS3: 9.8 Critical
Defects
Related vulnerabilities
Arbitrary file read vulnerability through the Jenkins CLI can lead to RCE
A vulnerability in the args4j library of the built-in command-line interface (CLI) of the Jenkins automation server that allows an attacker to execute arbitrary code