About recent CVE Issue

alebri78 · October 18, 2024, 11:17am

hello all,
about this:

i have the 2.452.2 version and i don’t understand if my version is affected or not

thank all

MarkEWaite · October 18, 2024, 11:37am

Jenkins 2.452.2 already includes that fix. It is not affected by that advisory. The issue report says:

Jenkins 2.442, LTS 2.426.3, and LTS 2.440.1 disables the command parser feature that replaces an @ character followed by a file path in an argument with the file’s contents for CLI commands.

Jenkins 2.452.2 is affected by the critical advisory published 7 Aug 2024

It is also affected by the advisory published 2 Oct 2024

alebri78 · October 18, 2024, 12:51pm

hi mark,
thank you so much

Topic		Replies	Views
Discrepancy between Jenkins Documentation and CVE Sources for CVE-2024-23897 Using Jenkins sig-security	0	178	February 28, 2024
Arbitrary file read vulnerability through the CLI can lead to RCE SECURITY-3314 / CVE-2024-23897 Ask a question	4	762	February 13, 2024
Info on Jenkins CVE Community	4	92	July 5, 2024
Is Jenkins 2.440.3 impacted by CVE-2024-22262? Using Jenkins docker , sig-security	1	897	May 10, 2024
Clarification Needed on Mitigating CLI Security Issue (SECURITY-3314/3315) with SSH Usage Ask a question question	0	334	February 2, 2024

About recent CVE Issue

Related topics