Back to directory
WRITEUP #514

Excessive Expansion: Uncovering Critical Security Vulnerabilities in Jenkins (CVE-2024-23897 & CVE-2024-23898)

OtherCross-Site WebSocket Hijacking (CSWH)Data leakArbitrary file readSecurity code review
by@YNizry(Yaniv Nizry)
Program
Jenkins
Published
Jan 25, 2024
Added to HackDex
Jan 29, 2024
Read Full Writeuphttps://www.sonarsource.com/blog/excessive-expansion-uncovering-critical-security-vulnerabilities-in-jenkins/
RELATED WRITEUPS
CVE-2024-29511 – Abusing Ghostscript’s OCR device
OtherArbitrary file read
Vulnerabilities in NodeJS C/C++ add-on extensions
OtherMemory corruption
CVE-2024-38428 Wget Vulnerability: All you need to know
SSRFMiTM
Github Actions Exploitation: Dependabot
OtherCI/CD
Oracle Retail Xstore Suite: Pre-authenticated Path Traversal
OtherPath traversal

Built with ❤️ by Shubham Rawat