CVE-2023-24429

Name of the Vulnerable Software and Affected Versions Jenkins Semantic Versioning Plugin versions 1.14 and earlier

Description The issue allows attackers who can control agent processes to have Jenkins parse a crafted file, potentially leading to the extraction of secrets from the Jenkins controller or server-side request forgery. This is due to the lack of restrictions on the execution of controller/agent messages and file path limitations.

Recommendations For Jenkins Semantic Versioning Plugin versions 1.14 and earlier, consider disabling the plugin until a patch is available to prevent potential exploitation. Restrict access to the plugin's functionality to minimize the risk of attackers controlling agent processes and parsing malicious files.