Arbitrary File Read Vulnerability

Vite Arbitrary File Read Vulnerability (CVE-2025-31486)

April 9, 2025

Overview: Recently, NSFOCUS CERT detected that Vite issued a security bulletin to fix the Vite arbitrary file read vulnerability (CVE-2025-31486). Because the Vite development server does not strictly verify the path when processing URL requests, unauthenticated attackers can bypass path access restrictions by constructing special URLs and read arbitrary files on the target server. At […]

Jenkins Arbitrary File Read Vulnerability (CVE-2024-23897) Notice

January 30, 2024

Overview: Recently, NSFOCUS CERT detected that Jenkins issued a security announcement and fixed an arbitrary file reading vulnerability in the Jenkins CLI (CVE-2024-23897). Since one function of its CLI command parser is enabled by default in Jenkins, the specific parser function expandAtFiles can replace the character following the file path in the @ parameter with […]
