Vulnerabilities > CVE-2024-23900 - Unspecified vulnerability in Jenkins Matrix Project

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

NONE

network

low complexity

jenkins

NVD

Published: 2024-01-24

Updated: 2024-01-31

Summary

Jenkins Matrix Project Plugin 822.v01b_8c85d16d2 and earlier does not sanitize user-defined axis names of multi-configuration projects, allowing attackers with Item/Configure permission to create or replace any config.xml files on the Jenkins controller file system with content not controllable by the attackers.

Vulnerable Configurations

Part	Description	Count
Application	Jenkins Jenkins Matrix Project 1.0 Jenkins Matrix Project 1.1 Jenkins Matrix Project 1.2 Jenkins Matrix Project 1.2.1 Jenkins Matrix Project 1.3 Jenkins Matrix Project 1.4 Jenkins Matrix Project 1.4.1 Jenkins Matrix Project 1.5 Jenkins Matrix Project 1.6 Jenkins Matrix Project 1.7 Jenkins Matrix Project 1.7.1 Jenkins Matrix Project 1.8 Jenkins Matrix Project 1.9 Jenkins Matrix Project 1.10 Jenkins Matrix Project 1.11 Jenkins Matrix Project 1.12 Jenkins Matrix Project 1.13 Jenkins Matrix Project 1.14 Jenkins Matrix Project 1.15 Jenkins Matrix Project 1.16 Jenkins Matrix Project 1.17 Jenkins Matrix Project 1.18 Jenkins Matrix Project 1.18.1 Jenkins Matrix Project 1.19 Jenkins Matrix Project 1.20 Jenkins Matrix Project 822.V01B_8C85D16D2	27

Summary

Vulnerable Configurations

References