Jenkins Arbitrary File Leak Vulnerability, CVE-2024-23897, Can Lead To RCE
Security Boulevard securityboulevard.com
Introduction
Jenkins, a Java-based open-source automation server widely used by developers for application building, testing, and deployment, has issued an advisory about a critical vulnerability that could potentially enable remote code execution (RCE).
This vulnerability, identified as CVE-2024-23897, poses a high risk and affects the Jenkins integrated command line interface (CLI). It has a CVSS score of 9.8 and makes unauthorized access to files through the CLI possible, potentially leading to RCE.
In addition to file access, CVE-2024-23897 can be leveraged to access …