Feb. 6, 2024, 11:44 p.m. | Avinash Kumar

Security Boulevard securityboulevard.com

Introduction


Jenkins, a Java-based open-source automation server widely used by developers for application building, testing, and deployment, has issued an advisory about a critical vulnerability that could potentially enable remote code execution (RCE).


This vulnerability, identified as CVE-2024-23897, poses a high risk and affects Jenkins' integrated command line interface (CLI). It carries a CVSS score of 9.8 and makes unauthorized access to files through the CLI possible, potentially leading to RCE.


In addition to file access, CVE-2024-23897 can be leveraged to access …
