Tag
arbitrary-file-read
Safeguard articles tagged "arbitrary-file-read" — guides, analysis, and best practices for software supply chain and application security.
2 articles
Vulnerability Analysis
Jenkins CLI Arbitrary File Read (CVE-2024-23897) Explained
CVE-2024-23897 turned a convenience feature in Jenkins' CLI argument parser into an arbitrary file read that can escalate to full RCE. Here's the mechanism and the fix.
Jul 6, 20265 min read
DevSecOps
Jenkins Arbitrary File Read via Crafted CLI Command (CVE-...
CVE-2018-1999002 let attackers read arbitrary files from Jenkins masters via crafted requests to the Stapler framework, exposing secrets and credentials.
Nov 25, 20258 min read