CVE-2024-23897

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Jan 24, 2024

Updated: Aug 20, 2024

CWE ID 22

CWE ID 27

Summary

CVE-2024-23897 is a vulnerability affecting Jenkins 2.441 and earlier, as well as LTS 2.426.2 and earlier. This issue lies in Jenkins' CLI command parser, which fails to disable a feature that interprets '@' followed by a file path in an argument as a command to read the file's contents. As a result, unauthenticated attackers can exploit this vulnerability to read arbitrary files on the Jenkins controller file system. This can potentially lead to exposure of sensitive information. Jenkins users are advised to upgrade to a patched version as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uQMXwR
https://www.cve.org/CVERecord?id=CVE-2024-23897
https://nvd.nist.gov/vuln/detail/CVE-2024-23897

Back to Vulnerability Database

CVE-2024-23897

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations