VYPR
Moderate severityNVD Advisory· Published Jan 24, 2024· Updated Jun 16, 2025

CVE-2024-23900

CVE-2024-23900

Description

Jenkins Matrix Project Plugin 822.v01b_8c85d16d2 and earlier does not sanitize user-defined axis names of multi-configuration projects, allowing attackers with Item/Configure permission to create or replace any config.xml files on the Jenkins controller file system with content not controllable by the attackers.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.jenkins-ci.plugins:matrix-projectMaven
< 822.824.v14451b822.824.v14451b

Affected products

8

Patches

Vulnerability mechanics

References

5

News mentions

1