CVE-2024-54004 | THREATINT

Description

Jenkins Filesystem List Parameter Plugin 0.0.14 and earlier does not restrict the path used for the File system objects list Parameter, allowing attackers with Item/Configure permission to enumerate file names on the Jenkins controller file system.

PUBLISHED Reserved 2024-11-26 | Published 2024-11-27 | Updated 2024-11-27 | Assigner jenkins

Product status

Default status

unaffected

Any version

affected

References

www.jenkins.io/security/advisory/2024-11-27/ (Jenkins Security Advisory 2024-11-27) vendor-advisory

cve.org (CVE-2024-54004)

nvd.nist.gov (CVE-2024-54004)

Download JSON