writeups.xyz / Excessive Expansion: Uncovering Critical Security Vulnerabilities in Jenkins (CVE-2024-23897 & CVE-2024-23898)

Submitter : c2a

Date: 25 January 2024

Bounty : undisclosed

Vulnerabilities :

• Cross-Site WebSocket Hijacking (CSWH)
• Data Leak
• Arbitrary File Read
• Security Code Review

Programs :

• Jenkins

Authors :

• Yaniv Nizry (@YNizry)

Link :
https://www.sonarsource.com/blog/excessive-expansion-uncovering-critical-security-vulnerabilities-in-jenkins/