CVE-2024-23897

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Jan 24, 2024

Updated: Dec 20, 2024

CWE ID 22

CWE ID 27

Summary

CVE-2024-23897 is a vulnerability affecting Jenkins versions 2.441 and earlier, as well as LTS 2.426.2 and earlier. This issue arises from the Jenkins CLI command parser, which fails to disable a feature that interprets an '@' symbol followed by a file path in an argument as a file, leading unauthenticated attackers to read arbitrary files directly from the Jenkins controller file system. This poses a significant security risk, allowing potential data exposure. Jenkins users are advised to upgrade to a patched version as soon as possible to mitigate this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uQMXwR
https://www.cve.org/CVERecord?id=CVE-2024-23897
https://nvd.nist.gov/vuln/detail/CVE-2024-23897

Back to Vulnerability Database

CVE-2024-23897

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations