cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-23904,https://securityvulnerability.io/vulnerability/CVE-2024-23904,Information Disclosure in Jenkins Log Command Plugin by Jenkins,"The Log Command Plugin for Jenkins versions 1.0.2 and earlier is vulnerable due to a flaw in its command parser feature. This vulnerability allows unauthenticated attackers to exploit the ability to include file paths prefixed by an '@' character. When triggered, the parser expands these paths, leading to sensitive information disclosure by reading arbitrary files from the Jenkins controller's file system. This poses a significant security risk, particularly in environments where sensitive configurations or credentials may be stored in files accessible by the plugin.",Jenkins,Jenkins Log Command Plugin,7.5,HIGH,0.0009899999713525176,false,false,false,false,,false,false,2024-01-24T17:52:27.324Z,0