
Excessive Expansion: Uncovering Critical Security Vulnerabilities in Jenkins

What's this blog post about?

Sonar's Vulnerability Research Team has discovered two security vulnerabilities in Jenkins, the leading open-source Continuous Integration and Continuous Deployment (CI/CD) software. The Critical vulnerability CVE-2024-23897 allows unauthenticated attackers to read a limited amount of data from arbitrary files, while attackers with "read-only" authorization can read an entire arbitrary file from the Jenkins server. Attackers could leverage this vulnerability by reading Jenkins secrets, escalating privileges to admin, and eventually executing arbitrary code on the server. The High severity cross-site WebSocket hijacking (CSWSH) vulnerability CVE-2024-23898 allows an attacker to execute arbitrary CLI commands by tricking a victim into clicking a link. The vulnerabilities were fixed in Jenkins versions 2.442 and LTS 2.426.3.

Company
Sonar

Date published
Jan. 24, 2024

Author(s)
Yaniv Nizry

Word count
1464

Language
English

Hacker News points
1


By Matt Makai. 2021-2024.