Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-vph5-2q33-7r9h: Arbitrary file read vulnerability in Git server Plugin can lead to RCE

Jenkins Git server Plugin 99.va_0826a_b_cdfa_d and earlier does not disable a feature of its command parser that replaces an ‘@’ character followed by a file path in an argument with the file’s contents, allowing attackers with Overall/Read permission to read content from arbitrary files on the Jenkins controller file system.

ghsa
#vulnerability#git#java#rce#maven

Skip to content

    • Actions

      Automate any workflow

    • Packages

      Host and manage packages

    • Security

      Find and fix vulnerabilities

    • Codespaces

      Instant dev environments

    • Copilot

      Write better code with AI

    • Code review

      Manage code changes

    • Issues

      Plan and track work

    • Discussions

      Collaborate outside of code

    • GitHub Sponsors

      Fund open source developers

*   The ReadME Project
    
    GitHub community articles
  • Pricing
  1. GitHub Advisory Database
  2. GitHub Reviewed
  3. CVE-2024-23899

Arbitrary file read vulnerability in Git server Plugin can lead to RCE

High severity GitHub Reviewed Published Jan 24, 2024 to the GitHub Advisory Database • Updated Jan 24, 2024

Package

maven org.jenkins-ci.plugins:git-server (Maven)

Affected versions

< 99.101.v720e86326c09

Patched versions

99.101.v720e86326c09

Description

Published to the GitHub Advisory Database

Jan 24, 2024

Last updated

Jan 24, 2024

Related news

Red Hat Security Advisory 2024-4597-03

Red Hat Security Advisory 2024-4597-03 - An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.15. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include bypass and traversal vulnerabilities.