Path traversal in Jenkins Matrix Project plugin



Published: 2024-01-25
Risk: Medium
Patch available: YES
Number of vulnerabilities: 1
CVE-ID: CVE-2024-23900
CWE-ID: CWE-22
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: Matrix Project (Web applications / Modules and components for CMS)
Vendor: Jenkins

Security Bulletin

This security bulletin contains one medium risk vulnerability.

1) Path traversal

EUVDB-ID: #VU85792

Risk: Medium

CVSSv3.1: 4 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-23900

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists because the affected plugin does not sanitize user-defined axis names of multi-configuration projects submitted through the config.xml REST API endpoint. A remote user can create or replace any config.xml file on the Jenkins controller file system with content not controllable by the attacker.
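
A defensive audit for the condition described above, as an added example that is not part of the bulletin or of the plugin's code: it lists axis names in a multi-configuration project's config.xml that would not be safe as a single path component. The allow-list pattern, the function name `suspicious_axis_names` and the sample XML are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Assumption (not the plugin's actual rule): a safe axis name is one path
# component made of letters, digits, '_', '-' and '.', not starting with '.'.
SAFE_AXIS_NAME = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_.-]*")

# Constructed sample of a multi-configuration project config.xml.
SAMPLE_CONFIG = """<?xml version='1.1' encoding='UTF-8'?>
<matrix-project>
  <axes>
    <hudson.matrix.TextAxis>
      <name>os</name>
      <values><string>linux</string></values>
    </hudson.matrix.TextAxis>
    <hudson.matrix.TextAxis>
      <name>../../example</name>
      <values><string>x</string></values>
    </hudson.matrix.TextAxis>
  </axes>
</matrix-project>"""


def suspicious_axis_names(config_xml):
    """Return axis names that are not safe as a single path component."""
    # Jenkins config.xml files typically carry an XML 1.1 declaration, which
    # Python's expat-based parser rejects, so drop any leading declaration.
    body = re.sub(r"^\s*<\?xml[^>]*\?>", "", config_xml)
    root = ET.fromstring(body)
    flagged = []
    for axes in root.iter("axes"):
        for axis in axes:  # each child element is one axis definition
            name = axis.findtext("name") or ""
            if ".." in name or not SAFE_AXIS_NAME.fullmatch(name):
                flagged.append(name)
    return flagged


if __name__ == "__main__":
    for name in suspicious_axis_names(SAMPLE_CONFIG):
        print("suspicious axis name:", repr(name))
```

Run it over the config.xml of each multi-configuration project on the controller; any reported name warrants a review of who last changed that job's configuration.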

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

Matrix Project: 822.v01b_8c85d16d2

External links

http://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3289
http://www.openwall.com/lists/oss-security/2024/01/24/6


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


