VYPR
High severityNVD Advisory· Published Jan 24, 2024· Updated Jun 4, 2025

CVE-2024-23899

CVE-2024-23899

Description

Jenkins Git server Plugin 99.va_0826a_b_cdfa_d and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing attackers with Overall/Read permission to read content from arbitrary files on the Jenkins controller file system.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.jenkins-ci.plugins:git-serverMaven
< 99.101.v720e86326c0999.101.v720e86326c09

Affected products

2

Patches

Vulnerability mechanics

References

5

News mentions

1