Jenkins Multiple Vulnerabilities
Release Date: 28 May 2024
RISK: Medium Risk
TYPE: Operating Systems - Mobile & Apps
Multiple vulnerabilities were identified in Jenkins. A remote attacker could exploit some of these vulnerabilities to trigger cross-site scripting, sensitive information disclosure and security restriction bypass on the targeted system.
Note:
No patch is currently available for CVE-2024-5273 of the affected products. To exploit the vulnerability, attackers need to have Item/Configure permission. Hence, the risk level is rated to Medium Risk.
Impact
- Cross-Site Scripting
- Information Disclosure
- Security Restriction Bypass
System / Technologies affected
- Team Concert Git Plugin up to and including 2.0.4
- OpenText Application Automation Tools Plugin up to and including 24.1.0
- Report Info Plugin up to and including 1.2
Solutions
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
Vulnerability Identifier
- CVE-2024-4184
- CVE-2024-4189
- CVE-2024-4211
- CVE-2024-4690
- CVE-2024-4691
- CVE-2024-4692
- CVE-2024-5273
- CVE-2024-28793
沒有留言:
發佈留言