CVE-2024-54004

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Nov 27, 2024
CWE ID 22

Summary

CVE-2024-54004 is a vulnerability affecting the Jenkins Filesystem List Parameter Plugin version 0.0.14 and earlier. This issue permits users with Item/Configure permissions to list file names on the Jenkins controller file system, without any restrictions on the path used for File system objects. Attackers can exploit this vulnerability by manipulating the list parameter to enumerate sensitive files, potentially leading to unauthorized access or data exposure. Jenkins users are strongly advised to update to the latest version of the plugin to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share