VYPR
High severity7.5NVD Advisory· Published Jan 24, 2024· Updated Jun 17, 2026

CVE-2024-23904

CVE-2024-23904

Description

Jenkins Log Command Plugin 1.0.2 and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read content from arbitrary files on the Jenkins controller file system.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.jenkins-ci.plugins:log-commandMaven
<= 1.0.2

Affected products

2

Patches

Vulnerability mechanics

References

4

News mentions

1