Notices where this attachment appears
-
Embed this notice
Taggart :donor: (mttaggart@infosec.town)'s status on Thursday, 25-Jan-2024 23:58:58 JST 
Taggart :donor:
Good morning! Have a fairly gnarly RCE in #Jenkins: Jenkins uses the args4j library to parse command arguments and options on the Jenkins controller when processing CLI commands. This command parser has a feature that replaces an @ character followed by a file path in an argument with the file’s contents (expandAtFiles). This feature is enabled by default and Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable it.www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3314
#CVE_2024_23897
GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.
All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.