{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-23898", "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "state": "PUBLISHED", "assignerShortName": "jenkins", "dateReserved": "2024-01-23T12:46:51.264Z", "datePublished": "2024-01-24T17:52:23.492Z", "dateUpdated": "2024-08-01T23:13:08.509Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "Jenkins", "vendor": "Jenkins Project", "versions": [{"lessThan": "2.217", "status": "unaffected", "version": "0", "versionType": "maven"}, {"lessThan": "*", "status": "unaffected", "version": "2.442", "versionType": "maven"}, {"lessThan": "2.426.*", "status": "unaffected", "version": "2.426.3", "versionType": "maven"}, {"lessThan": "2.440.*", "status": "unaffected", "version": "2.440.1", "versionType": "maven"}]}], "descriptions": [{"lang": "en", "value": "Jenkins 2.217 through 2.441 (both inclusive), LTS 2.222.1 through 2.426.2 (both inclusive) does not perform origin validation of requests made through the CLI WebSocket endpoint, resulting in a cross-site WebSocket hijacking (CSWSH) vulnerability, allowing attackers to execute CLI commands on the Jenkins controller."}], "providerMetadata": {"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "shortName": "jenkins", "dateUpdated": "2024-04-15T15:07:27.730Z"}, "references": [{"name": "Jenkins Security Advisory 2024-01-24", "tags": ["vendor-advisory"], "url": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3315"}, {"url": "https://www.sonarsource.com/blog/excessive-expansion-uncovering-critical-security-vulnerabilities-in-jenkins/"}, {"url": "http://www.openwall.com/lists/oss-security/2024/01/24/6"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:13:08.509Z"}, "title": "CVE Program Container", "references": [{"name": "Jenkins Security Advisory 2024-01-24", "tags": ["vendor-advisory", "x_transferred"], "url": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3315"}, {"url": "https://www.sonarsource.com/blog/excessive-expansion-uncovering-critical-security-vulnerabilities-in-jenkins/", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/01/24/6", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*", "matchCriteriaId": "E4343714-1807-4231-833C-AB3D6E637769", "versionEndIncluding": "2.441", "versionStartIncluding": "2.217", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", "matchCriteriaId": "225EA384-5268-4ACD-A8E1-65002A5D74AB", "versionEndIncluding": "2.426.2", "versionStartIncluding": "2.222.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Jenkins 2.217 through 2.441 (both inclusive), LTS 2.222.1 through 2.426.2 (both inclusive) does not perform origin validation of requests made through the CLI WebSocket endpoint, resulting in a cross-site WebSocket hijacking (CSWSH) vulnerability, allowing attackers to execute CLI commands on the Jenkins controller."}, {"lang": "es", "value": "Jenkins 2.217 a 2.441 (ambos incluida), LTS 2.222.1 a 2.426.2 (ambos incluida) no realizan la validaci\u00f3n del origen de las solicitudes realizadas a trav\u00e9s del endpoint CLI WebSocket, lo que genera una vulnerabilidad de secuestro de WebSocket entre sitios (CSWSH), lo que permite a los atacantes para ejecutar comandos CLI en el controlador Jenkins."}], "id": "CVE-2024-23898", "lastModified": "2024-05-14T15:01:24.790", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-01-24T18:15:09.420", "references": [{"source": "jenkinsci-cert@googlegroups.com", "url": "http://www.openwall.com/lists/oss-security/2024/01/24/6"}, {"source": "jenkinsci-cert@googlegroups.com", "tags": ["Vendor Advisory"], "url": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3315"}, {"source": "jenkinsci-cert@googlegroups.com", "url": "https://www.sonarsource.com/blog/excessive-expansion-uncovering-critical-security-vulnerabilities-in-jenkins/"}], "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-346"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2024:0778", "cpe": "cpe:/a:redhat:ocp_tools:4.12::el8", "package": "jenkins-0:2.426.3.1706515686-3.el8", "product_name": "OCP-Tools-4.12-RHEL-8", "release_date": "2024-02-12T00:00:00Z"}, {"advisory": "RHSA-2024:0776", "cpe": "cpe:/a:redhat:ocp_tools:4.13::el8", "package": "jenkins-0:2.426.3.1706516254-3.el8", "product_name": "OCP-Tools-4.13-RHEL-8", "release_date": "2024-02-12T00:00:00Z"}, {"advisory": "RHSA-2024:0775", "cpe": "cpe:/a:redhat:ocp_tools:4.11::el8", "package": "jenkins-0:2.426.3.1706516929-3.el8", "product_name": "OpenShift Developer Tools and Services for OCP 4.11", "release_date": "2024-02-12T00:00:00Z"}], "bugzilla": {"description": "jenkins: cross-site WebSocket hijacking", "id": "2260182", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260182"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-79", "details": ["Jenkins 2.217 through 2.441 (both inclusive), LTS 2.222.1 through 2.426.2 (both inclusive) does not perform origin validation of requests made through the CLI WebSocket endpoint, resulting in a cross-site WebSocket hijacking (CSWSH) vulnerability, allowing attackers to execute CLI commands on the Jenkins controller.", "A flaw was found in Jenkins where websocket access to the CLI does not perform origin validation of requests when they are made through the websocket endpoint."], "name": "CVE-2024-23898", "package_state": [{"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Will not fix", "package_name": "jenkins", "product_name": "Red Hat OpenShift Container Platform 3.11"}], "public_date": "2024-01-09T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-23898\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-23898\nhttp://www.openwall.com/lists/oss-security/2024/01/24/6\nhttps://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3315"], "threat_severity": "Important", "upstream_fix": "Jenkins 2.442, Jenkins LTS 2.426.3"}