Excessive Expansion: Uncovering Critical Security Vulnerabilities in Jenkins

Post Details

Company

Sonar

Date Published

Jan. 24, 2024

Author

Yaniv Nizry

Word Count

1,464

Language

English

Hacker News Points

1

Source URL

www.sonarsource.com/blog/excessive-expansion-uncovering-critical-security-vulnerabilities-in-jenkins

Summary

Sonar's Vulnerability Research Team has discovered two security vulnerabilities in Jenkins, the leading open-source Continuous Integration and Continuous Deployment (CI/CD) software. The Critical vulnerability CVE-2024-23897 allows unauthenticated attackers to read a limited amount of arbitrary files' data, while "read-only" authorized attackers can read an entire arbitrary file from Jenkins' server. Attackers could leverage this vulnerability by reading Jenkins secrets and escalating privileges to admin and eventually execute arbitrary code on the server. The High severity cross-site WebSocket hijacking (CSWSH) vulnerability CVE-2024-23898 allows an attacker to execute arbitrary CLI commands by manipulating a victim to click on a link. The vulnerabilities were fixed in Jenkins versions 2.442, and LTS 2.426.3.