vulnerability

Jenkins Advisory 2024-11-27: CVE-2024-54004: Path traversal vulnerability in Filesystem List Parameter Plugin

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:L/Au:S/C:P/I:N/A:N)

Published

Nov 28, 2024

Added

Nov 28, 2024

Modified

Mar 27, 2026

Description

Jenkins Filesystem List Parameter Plugin 0.0.14 and earlier does not restrict the path used for the File system objects list Parameter, allowing attackers with Item/Configure permission to enumerate file names on the Jenkins controller file system.

Solutions

jenkins-lts-upgrade-2_479_2jenkins-upgrade-2_487

References

CVE-2024-54004
https://attackerkb.com/topics/CVE-2024-54004
CWE-22
EUVD-EUVD-2024-3395
https://euvd.enisa.europa.eu/vulnerability/EUVD-2024-3395
https://jenkins.io/security/advisory/2024-11-27/

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report