Cross-site WebSocket hijacking vulnerability in CLI in Jenkins - CVE-2024-23898 (rpm)
ID: oval:org.secpod.oval:def:97277 | Date: (C)2024-01-30 (M)2024-05-20 |
Class: VULNERABILITY | Family: unix |
The host is installed with Jenkins LTS 2.222.1 before 2.426.3 or Jenkins rolling release 2.217 before 2.442 and is prone to a cross-site WebSocket hijacking vulnerability. A flaw is present in the application, which fails to properly validate requests made through the CLI WebSocket endpoint. Successful exploitation could allow an attacker to execute CLI commands on the Jenkins controller.
Product: |
Jenkins LTS |
Jenkins rolling release |