CVE-2024-54004
CVSS 3.1 Score 4.3 of 10 (medium)
Details
Summary
CVE-2024-54004 is a vulnerability affecting the Jenkins Filesystem List Parameter Plugin version 0.0.14 and earlier. This issue permits users with Item/Configure permissions to list file names on the Jenkins controller file system, without any restrictions on the path used for File system objects. Attackers can exploit this vulnerability by manipulating the list parameter to enumerate sensitive files, potentially leading to unauthorized access or data exposure. Jenkins users are strongly advised to update to the latest version of the plugin to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.