Moderate severityNVD Advisory· Published Nov 27, 2024· Updated Nov 27, 2024
CVE-2024-54004
CVE-2024-54004
Description
Jenkins Filesystem List Parameter Plugin 0.0.14 and earlier does not restrict the path used for the File system objects list Parameter, allowing attackers with Item/Configure permission to enumerate file names on the Jenkins controller file system.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
aendter.jenkins.plugins:filesystem-list-parameter-pluginMaven | < 0.0.15 | 0.0.15 |
Affected products
2- Range: 0
Patches
Vulnerability mechanics
References
3- github.com/advisories/GHSA-fwxq-3f52-5cmcghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-54004ghsaADVISORY
- www.jenkins.io/security/advisory/2024-11-27/ghsavendor-advisoryWEB
News mentions
1- Jenkins Security Advisory 2024-11-27Jenkins Security Advisories · Nov 27, 2024