Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0775 advisory.

    Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a     software project or jobs run by cron.

    Security Fix(es):

    * apache-commons-text: variable interpolation RCE (CVE-2022-42889)

    * SnakeYaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471)

    * maven-shared-utils: Command injection via Commandline class (CVE-2022-29599)

    * jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin     (CVE-2023-24422)

    * Jenkins: Session fixation vulnerability in OpenShift Login Plugin (CVE-2023-37946)

    * jenkins: Arbitrary file read vulnerability through the CLI can lead to RCE (CVE-2024-23897)

    * jenkins: cross-site WebSocket hijacking (CVE-2024-23898)

    * jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin (CVE-2023-25761)

    * jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin     (CVE-2023-25762)

    * Jenkins: Temporary file parameter created with insecure permissions (CVE-2023-27903)

    * Jenkins: Information disclosure through error stack traces related to agents (CVE-2023-27904)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0778 advisory.

    Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a     software project or jobs run by cron.

    Security Fix(es):

    * apache-commons-text: variable interpolation RCE (CVE-2022-42889)

    * google-oauth-client: missing PKCE support in accordance with the RFC for OAuth 2.0 for Native Apps can     lead to improper authorization (CVE-2020-7692)

    * maven: Block repositories using http by default (CVE-2021-26291)

    * snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)

    * maven-shared-utils: Command injection via Commandline class (CVE-2022-29599)

    * jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin     (CVE-2023-24422)

    * jenkins: Arbitrary file read vulnerability through the CLI can lead to RCE (CVE-2024-23897)

    * jenkins: cross-site WebSocket hijacking (CVE-2024-23898)

    * golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)

    * guava: insecure temporary directory creation (CVE-2023-2976)

    * springframework: Spring Expression DoS Vulnerability (CVE-2023-20861)

    * spring-security: Empty SecurityContext Is Not Properly Saved Upon Logout (CVE-2023-20862)

    * jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin (CVE-2023-25761)

    * jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin     (CVE-2023-25762)

    * jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter()     (CVE-2023-26048)

    * jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies (CVE-2023-26049)

    * Jenkins: Open redirect vulnerability in OpenShift Login Plugin (CVE-2023-37947)

    * jetty: Improper validation of HTTP/1 content-length (CVE-2023-40167)

    * jenkins-plugins: cloudbees-folder: CSRF vulnerability in Folders Plugin (CVE-2023-40337)

    * jenkins-plugins: cloudbees-folder: Information disclosure in Folders Plugin (CVE-2023-40338)

    * jenkins-plugins: config-file-provider: Improper masking of credentials in Config File Provider Plugin     (CVE-2023-40339)

    * jenkins-plugins: blueocean: CSRF vulnerability in Blue Ocean Plugin allows capturing credentials     (CVE-2023-40341)

    * Jenkins: Temporary file parameter created with insecure permissions (CVE-2023-27903)

    * Jenkins: Information disclosure through error stack traces related to agents (CVE-2023-27904)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0776 advisory.

    Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a     software project or jobs run by cron.

    Security Fix(es):

    * apache-commons-text: variable interpolation RCE (CVE-2022-42889)

    * maven: Block repositories using http by default (CVE-2021-26291)

    * snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)

    * maven-shared-utils: Command injection via Commandline class (CVE-2022-29599)

    * jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin     (CVE-2023-24422)

    * Jenkins: Session fixation vulnerability in OpenShift Login Plugin (CVE-2023-37946)

    * jenkins: Arbitrary file read vulnerability through the CLI can lead to RCE (CVE-2024-23897)

    * jenkins: cross-site WebSocket hijacking (CVE-2024-23898)

    * jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin (CVE-2023-25761)

    * jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin     (CVE-2023-25762)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

A vulnerability exists in Jenkins ThinkPHP < 2.442, < LTS 2.426.3 allowing an unauthenticated attacker to read arbitrary files via a specially crafted request and which in certain cases can lead to a Remote Code Execution.

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 8b03d274-56ca-489e-821a-cf32f07643f0 advisory.

  - Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser     that replaces an '@' character followed by a file path in an argument with the file's contents, allowing     unauthenticated attackers to read arbitrary files on the Jenkins controller file system. (CVE-2024-23897)

  - Jenkins 2.217 through 2.441 (both inclusive), LTS 2.222.1 through 2.426.2 (both inclusive) does not     perform origin validation of requests made through the CLI WebSocket endpoint, resulting in a cross-site     WebSocket hijacking (CSWSH) vulnerability, allowing attackers to execute CLI commands on the Jenkins     controller. (CVE-2024-23898)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

According to its its self-reported version number, the version of Jenkins running on the remote web server is Jenkins LTS prior to 2.426.3 or Jenkins weekly prior to 2.442. It is, therefore, affected by multiple vulnerabilities:

  - Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser     that replaces an '@' character followed by a file path in an argument with the file's contents, allowing     unauthenticated attackers to read arbitrary files on the Jenkins controller file system. (CVE-2024-23897)

  - Jenkins 2.217 through 2.441 (both inclusive), LTS 2.222.1 through 2.426.2 (both inclusive) does not     perform origin validation of requests made through the CLI WebSocket endpoint, resulting in a cross-site     WebSocket hijacking (CSWSH) vulnerability, allowing attackers to execute CLI commands on the Jenkins     controller. (CVE-2024-23898)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
194437	RHEL 8 : jenkins and jenkins-2-plugins (RHSA-2024:0775)	Nessus	Red Hat Local Security Checks	critical
194435	RHEL 8 : Jenkins and Jenkins-2-plugins (RHSA-2024:0778)	Nessus	Red Hat Local Security Checks	critical
194395	RHEL 8 : jenkins and jenkins-2-plugins (RHSA-2024:0776)	Nessus	Red Hat Local Security Checks	critical
114168	Jenkins < 2.442 / < LTS 2.426.3 Arbitrary File Read	Web App Scanning	Component Vulnerability	critical
189503	FreeBSD : jenkins -- multiple vulnerabilities (8b03d274-56ca-489e-821a-cf32f07643f0)	Nessus	FreeBSD Local Security Checks	critical
189463	Jenkins LTS < 2.426.3 / Jenkins weekly < 2.442 Multiple Vulnerabilities	Nessus	CGI abuses	critical

Detections

Analytics

CVE-2024-23897

critical

Tenable Plugins

critical

critical

critical

critical

critical

critical