{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-23897", "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "state": "PUBLISHED", "assignerShortName": "jenkins", "dateReserved": "2024-01-23T12:46:51.263Z", "datePublished": "2024-01-24T17:52:22.842Z", "dateUpdated": "2024-08-19T16:20:22.425Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "Jenkins", "vendor": "Jenkins Project", "versions": [{"lessThan": "1.606", "status": "unaffected", "version": "0", "versionType": "maven"}, {"lessThan": "*", "status": "unaffected", "version": "2.442", "versionType": "maven"}, {"lessThan": "2.426.*", "status": "unaffected", "version": "2.426.3", "versionType": "maven"}, {"lessThan": "2.440.*", "status": "unaffected", "version": "2.440.1", "versionType": "maven"}]}], "descriptions": [{"lang": "en", "value": "Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system."}], "providerMetadata": {"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "shortName": "jenkins", "dateUpdated": "2024-04-15T15:06:41.647Z"}, "references": [{"name": "Jenkins Security Advisory 2024-01-24", "tags": ["vendor-advisory"], "url": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3314"}, {"url": "https://www.sonarsource.com/blog/excessive-expansion-uncovering-critical-security-vulnerabilities-in-jenkins/"}, {"url": "http://www.openwall.com/lists/oss-security/2024/01/24/6"}, {"url": "http://packetstormsecurity.com/files/176839/Jenkins-2.441-LTS-2.426.3-CVE-2024-23897-Scanner.html"}, {"url": "http://packetstormsecurity.com/files/176840/Jenkins-2.441-LTS-2.426.3-Arbitrary-File-Read.html"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-19T07:48:11.721Z"}, "title": "CVE Program Container", "references": [{"name": "Jenkins Security Advisory 2024-01-24", "tags": ["vendor-advisory", "x_transferred"], "url": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3314"}, {"url": "https://www.sonarsource.com/blog/excessive-expansion-uncovering-critical-security-vulnerabilities-in-jenkins/", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/01/24/6", "tags": ["x_transferred"]}, {"url": "http://packetstormsecurity.com/files/176839/Jenkins-2.441-LTS-2.426.3-CVE-2024-23897-Scanner.html", "tags": ["x_transferred"]}, {"url": "http://packetstormsecurity.com/files/176840/Jenkins-2.441-LTS-2.426.3-Arbitrary-File-Read.html", "tags": ["x_transferred"]}, {"url": "https://www.vicarius.io/vsociety/posts/the-anatomy-of-a-jenkins-vulnerability-cve-2024-23897-revealed-1"}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-27", "lang": "en", "description": "CWE-27 Path Traversal: 'dir/../../filename'"}]}], "affected": [{"vendor": "jenkins", "product": "jenkins", "cpes": ["cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*"], "defaultStatus": "affected", "versions": [{"version": "0", "status": "unaffected", "lessThan": "1.606", "versionType": "maven"}, {"version": "2.442", "status": "unaffected", "lessThan": "*", "versionType": "maven"}, {"version": "2.426.3", "status": "unaffected", "lessThan": "2.427", "versionType": "maven"}, {"version": "2.440.1", "status": "unaffected", "lessThan": "2.441", "versionType": "maven"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-08-19T15:35:31.038735Z", "id": "CVE-2024-23897", "options": [{"Exploitation": "active"}, {"Automatable": "Yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2024-08-19", "reference": "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-19T16:20:22.425Z"}, "timeline": [{"time": "2024-08-19T00:00:00+00:00", "lang": "en", "value": "CVE-2024-23897 added to CISA KEV"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3314", "name": "Jenkins Security Advisory 2024-01-24", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://www.sonarsource.com/blog/excessive-expansion-uncovering-critical-security-vulnerabilities-in-jenkins/", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/01/24/6", "tags": ["x_transferred"]}, {"url": "http://packetstormsecurity.com/files/176839/Jenkins-2.441-LTS-2.426.3-CVE-2024-23897-Scanner.html", "tags": ["x_transferred"]}, {"url": "http://packetstormsecurity.com/files/176840/Jenkins-2.441-LTS-2.426.3-Arbitrary-File-Read.html", "tags": ["x_transferred"]}, {"url": "https://www.vicarius.io/vsociety/posts/the-anatomy-of-a-jenkins-vulnerability-cve-2024-23897-revealed-1"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-19T07:48:11.721Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-23897", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "Yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-08-19T15:35:31.038735Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2024-08-19", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-23897"}}}], "affected": [{"cpes": ["cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*"], "vendor": "jenkins", "product": "jenkins", "versions": [{"status": "unaffected", "version": "0", "lessThan": "1.606", "versionType": "maven"}, {"status": "unaffected", "version": "2.442", "lessThan": "*", "versionType": "maven"}, {"status": "unaffected", "version": "2.426.3", "lessThan": "2.427", "versionType": "maven"}, {"status": "unaffected", "version": "2.440.1", "lessThan": "2.441", "versionType": "maven"}], "defaultStatus": "affected"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-27", "description": "CWE-27 Path Traversal: 'dir/../../filename'"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-19T13:11:17.985Z"}, "timeline": [{"lang": "en", "time": "2024-08-19T00:00:00+00:00", "value": "CVE-2024-23897 added to CISA KEV"}]}], "cna": {"affected": [{"vendor": "Jenkins Project", "product": "Jenkins", "versions": [{"status": "unaffected", "version": "0", "lessThan": "1.606", "versionType": "maven"}, {"status": "unaffected", "version": "2.442", "lessThan": "*", "versionType": "maven"}, {"status": "unaffected", "version": "2.426.3", "lessThan": "2.426.*", "versionType": "maven"}, {"status": "unaffected", "version": "2.440.1", "lessThan": "2.440.*", "versionType": "maven"}], "defaultStatus": "affected"}], "references": [{"url": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3314", "name": "Jenkins Security Advisory 2024-01-24", "tags": ["vendor-advisory"]}, {"url": "https://www.sonarsource.com/blog/excessive-expansion-uncovering-critical-security-vulnerabilities-in-jenkins/"}, {"url": "http://www.openwall.com/lists/oss-security/2024/01/24/6"}, {"url": "http://packetstormsecurity.com/files/176839/Jenkins-2.441-LTS-2.426.3-CVE-2024-23897-Scanner.html"}, {"url": "http://packetstormsecurity.com/files/176840/Jenkins-2.441-LTS-2.426.3-Arbitrary-File-Read.html"}], "descriptions": [{"lang": "en", "value": "Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system."}], "providerMetadata": {"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "shortName": "jenkins", "dateUpdated": "2024-04-15T15:06:41.647Z"}}}, "cveMetadata": {"cveId": "CVE-2024-23897", "state": "PUBLISHED", "dateUpdated": "2024-08-19T16:20:22.425Z", "dateReserved": "2024-01-23T12:46:51.263Z", "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "datePublished": "2024-01-24T17:52:22.842Z", "assignerShortName": "jenkins"}, "dataVersion": "5.1"}

{"cisaActionDue": "2024-09-09", "cisaExploitAdd": "2024-08-19", "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", "cisaVulnerabilityName": "Jenkins Command Line Interface (CLI) Path Traversal Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", "matchCriteriaId": "669379F5-5F67-4002-AD76-F8C470C89D61", "versionEndExcluding": "2.426.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*", "matchCriteriaId": "493B263C-C8C7-4741-B7F8-B672E86CC8B4", "versionEndExcluding": "2.442", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system."}, {"lang": "es", "value": "Jenkins 2.441 y anteriores, LTS 2.426.2 y anteriores no desactivan una funci\u00f3n de su analizador de comandos CLI que reemplaza un car\u00e1cter '@' seguido de una ruta de archivo en un argumento con el contenido del archivo, lo que permite a atacantes no autenticados leer archivos arbitrarios en el sistema de archivos del controlador Jenkins."}], "id": "CVE-2024-23897", "lastModified": "2024-08-20T13:34:22.773", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-01-24T18:15:09.370", "references": [{"source": "jenkinsci-cert@googlegroups.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/176839/Jenkins-2.441-LTS-2.426.3-CVE-2024-23897-Scanner.html"}, {"source": "jenkinsci-cert@googlegroups.com", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/176840/Jenkins-2.441-LTS-2.426.3-Arbitrary-File-Read.html"}, {"source": "jenkinsci-cert@googlegroups.com", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2024/01/24/6"}, {"source": "jenkinsci-cert@googlegroups.com", "tags": ["Vendor Advisory"], "url": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3314"}, {"source": "jenkinsci-cert@googlegroups.com", "tags": ["Exploit", "Press/Media Coverage"], "url": "https://www.sonarsource.com/blog/excessive-expansion-uncovering-critical-security-vulnerabilities-in-jenkins/"}], "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-27"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2024:0778", "cpe": "cpe:/a:redhat:ocp_tools:4.12::el8", "package": "jenkins-0:2.426.3.1706515686-3.el8", "product_name": "OCP-Tools-4.12-RHEL-8", "release_date": "2024-02-12T00:00:00Z"}, {"advisory": "RHSA-2024:0776", "cpe": "cpe:/a:redhat:ocp_tools:4.13::el8", "package": "jenkins-0:2.426.3.1706516254-3.el8", "product_name": "OCP-Tools-4.13-RHEL-8", "release_date": "2024-02-12T00:00:00Z"}, {"advisory": "RHSA-2024:0775", "cpe": "cpe:/a:redhat:ocp_tools:4.11::el8", "package": "jenkins-0:2.426.3.1706516929-3.el8", "product_name": "OpenShift Developer Tools and Services for OCP 4.11", "release_date": "2024-02-12T00:00:00Z"}], "bugzilla": {"description": "jenkins: Arbitrary file read vulnerability through the CLI can lead to RCE", "id": "2260180", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260180"}, "csaw": false, "cvss3": {"cvss3_base_score": "9.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-88", "details": ["Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.", "A flaw was found in Jenkins, which uses the args4j library to parse command arguments and options on the Jenkins controller when processing CLI commands. This command parser has a feature that replaces the \"@\" character followed by a file path in an argument with the file\u2019s contents (expandAtFiles). This feature is enabled by default; Jenkins 2.441 and earlier as well as LTS 2.426.2 and earlier do not disable it."], "mitigation": {"lang": "en:us", "value": "Disabling access to the CLI is expected to prevent exploitation completely. Doing so is strongly recommended to administrators unable to immediately update to Jenkins 2.442, LTS 2.426.3 or LTS 2.440.1. Applying this workaround does not require a Jenkins restart."}, "name": "CVE-2024-23897", "package_state": [{"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Out of support scope", "package_name": "jenkins", "product_name": "Red Hat OpenShift Container Platform 3.11"}], "public_date": "2024-01-09T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-23897\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-23897\nhttp://www.openwall.com/lists/oss-security/2024/01/24/6\nhttps://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3314\nhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog"], "threat_severity": "Critical", "upstream_fix": "Jenkins 2.442, Jenkins LTS 2.426.3"}