CVE-2024-23898

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-23898
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-23898.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-23898
Aliases
Related
Published
2024-01-24T18:15:09Z
Modified
2024-09-03T04:38:53.239972Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Jenkins 2.217 through 2.441 (both inclusive), LTS 2.222.1 through 2.426.2 (both inclusive) does not perform origin validation of requests made through the CLI WebSocket endpoint, resulting in a cross-site WebSocket hijacking (CSWSH) vulnerability, allowing attackers to execute CLI commands on the Jenkins controller.

References

Affected packages

Git / github.com/jenkinsci/jenkins

Affected ranges

Affected versions

jenkins-2.*

jenkins-2.176.4
jenkins-2.190.1
jenkins-2.190.2
jenkins-2.190.3
jenkins-2.204.1
jenkins-2.204.2
jenkins-2.204.3
jenkins-2.204.4
jenkins-2.204.5
jenkins-2.204.6
jenkins-2.217
jenkins-2.218
jenkins-2.219
jenkins-2.220
jenkins-2.221
jenkins-2.222
jenkins-2.222.1
jenkins-2.222.3
jenkins-2.222.4
jenkins-2.223
jenkins-2.224
jenkins-2.225
jenkins-2.226
jenkins-2.227
jenkins-2.228
jenkins-2.229
jenkins-2.230
jenkins-2.231
jenkins-2.232
jenkins-2.233
jenkins-2.234
jenkins-2.235
jenkins-2.235.1
jenkins-2.235.2
jenkins-2.235.3
jenkins-2.236
jenkins-2.237
jenkins-2.238
jenkins-2.239
jenkins-2.240
jenkins-2.241
jenkins-2.242
jenkins-2.243
jenkins-2.244
jenkins-2.245
jenkins-2.246
jenkins-2.247
jenkins-2.248
jenkins-2.249
jenkins-2.250
jenkins-2.251
jenkins-2.252
jenkins-2.253
jenkins-2.254
jenkins-2.255
jenkins-2.256
jenkins-2.257
jenkins-2.258
jenkins-2.259
jenkins-2.260
jenkins-2.261
jenkins-2.262
jenkins-2.263
jenkins-2.264
jenkins-2.265
jenkins-2.266
jenkins-2.267
jenkins-2.268
jenkins-2.269
jenkins-2.270
jenkins-2.271
jenkins-2.272
jenkins-2.273
jenkins-2.274
jenkins-2.275
jenkins-2.276
jenkins-2.277
jenkins-2.278
jenkins-2.279
jenkins-2.280
jenkins-2.281
jenkins-2.282
jenkins-2.283
jenkins-2.284
jenkins-2.285
jenkins-2.286
jenkins-2.287
jenkins-2.288
jenkins-2.289
jenkins-2.290
jenkins-2.291
jenkins-2.292
jenkins-2.293
jenkins-2.294
jenkins-2.295
jenkins-2.296
jenkins-2.297
jenkins-2.298
jenkins-2.299
jenkins-2.300
jenkins-2.301
jenkins-2.302
jenkins-2.303
jenkins-2.304
jenkins-2.305
jenkins-2.306
jenkins-2.307
jenkins-2.308
jenkins-2.309
jenkins-2.310
jenkins-2.311
jenkins-2.312
jenkins-2.313
jenkins-2.314
jenkins-2.315
jenkins-2.316
jenkins-2.317
jenkins-2.318
jenkins-2.319
jenkins-2.320
jenkins-2.321
jenkins-2.322
jenkins-2.323
jenkins-2.324
jenkins-2.325
jenkins-2.326
jenkins-2.327
jenkins-2.328
jenkins-2.329
jenkins-2.330
jenkins-2.331
jenkins-2.332
jenkins-2.333
jenkins-2.334
jenkins-2.335
jenkins-2.336
jenkins-2.337
jenkins-2.338
jenkins-2.339
jenkins-2.340
jenkins-2.341
jenkins-2.342
jenkins-2.343
jenkins-2.344
jenkins-2.345
jenkins-2.346
jenkins-2.347
jenkins-2.348
jenkins-2.349
jenkins-2.350
jenkins-2.351
jenkins-2.352
jenkins-2.353
jenkins-2.354
jenkins-2.355
jenkins-2.356
jenkins-2.357
jenkins-2.358
jenkins-2.359
jenkins-2.360
jenkins-2.361
jenkins-2.362
jenkins-2.363
jenkins-2.364
jenkins-2.365
jenkins-2.366
jenkins-2.367
jenkins-2.368
jenkins-2.369
jenkins-2.370
jenkins-2.371
jenkins-2.372
jenkins-2.373
jenkins-2.374
jenkins-2.375
jenkins-2.376
jenkins-2.377
jenkins-2.378
jenkins-2.379
jenkins-2.380
jenkins-2.381
jenkins-2.382
jenkins-2.383
jenkins-2.384
jenkins-2.385
jenkins-2.386
jenkins-2.387
jenkins-2.388
jenkins-2.389
jenkins-2.390
jenkins-2.391
jenkins-2.392
jenkins-2.393
jenkins-2.394
jenkins-2.395
jenkins-2.396
jenkins-2.397
jenkins-2.398
jenkins-2.399
jenkins-2.400
jenkins-2.401
jenkins-2.402
jenkins-2.403
jenkins-2.404
jenkins-2.405
jenkins-2.406
jenkins-2.407
jenkins-2.408
jenkins-2.409
jenkins-2.410
jenkins-2.411
jenkins-2.412
jenkins-2.413
jenkins-2.414
jenkins-2.415
jenkins-2.416
jenkins-2.417
jenkins-2.418
jenkins-2.419
jenkins-2.420
jenkins-2.421
jenkins-2.422
jenkins-2.423
jenkins-2.424
jenkins-2.425
jenkins-2.426
jenkins-2.426.1
jenkins-2.426.1-rc
jenkins-2.426.1-rc-2
jenkins-2.426.2
jenkins-2.426.2-rc-1
jenkins-2.427
jenkins-2.428
jenkins-2.429
jenkins-2.430
jenkins-2.431
jenkins-2.432
jenkins-2.433
jenkins-2.434
jenkins-2.435
jenkins-2.436
jenkins-2.437
jenkins-2.438
jenkins-2.439
jenkins-2.440
jenkins-2.441

Other

list