CVE-2024-23900
- Source
- https://cve.org/CVERecord?id=CVE-2024-23900
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-23900.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-23900
- Aliases
- Downstream
- Related
- Published
- 2024-01-24T18:15:09.523Z
- Modified
- 2026-05-19T02:08:42.880431Z
- Severity
-
- 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Jenkins Matrix Project Plugin 822.v01b_8c85d16d2 and earlier does not sanitize user-defined axis names of multi-configuration projects, allowing attackers with Item/Configure permission to create or replace any config.xml files on the Jenkins controller file system with content not controllable by the attackers.
- References
Affected packages
Git / github.com/jenkinsci/matrix-project-plugin
Affected ranges
- Type
- GIT
- Repo
- https://github.com/jenkinsci/matrix-project-plugin
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "cpe": "cpe:2.3:a:jenkins:matrix_project:*:*:*:*:*:jenkins:*:*", "source": "CPE_FIELD", "extracted_events": [ { "introduced": "0" }, { "last_affected": "822.v01b_8c85d16d2" } ] }
Affected versions
751.*
751.v496d84c0d414
758.*
758.v7a_ea_491852f3
771.*
771.v574584b_39e60
772.*
772.v494f19991984
785.*
785.v06b_7f47b_c631
789.*
789.v57a_725b_63c79
802.*
802.v8013b_40c7edc
808.*
808.v5a_b_5f56d6966
818.*
818.v7eb_e657db_924
822.*
822.v01b_8c85d16d2
matrix-project-1.*
matrix-project-1.0
matrix-project-1.0-beta-1
matrix-project-1.1
matrix-project-1.10
matrix-project-1.11
matrix-project-1.12
matrix-project-1.13
matrix-project-1.14
matrix-project-1.15
matrix-project-1.16
matrix-project-1.17
matrix-project-1.18
matrix-project-1.19
matrix-project-1.2
matrix-project-1.3
matrix-project-1.4
matrix-project-1.5
matrix-project-1.6
matrix-project-1.7
matrix-project-1.7.1
matrix-project-1.8
matrix-project-1.9