Jenkins Arbitrary File Read Vulnerability (CVE-2024-23897) Notice

January 30, 2024

Overview

Recently, NSFOCUS CERT detected that Jenkins issued a security announcement and fixed an arbitrary file read vulnerability in the Jenkins CLI (CVE-2024-23897). Since one function of its CLI command parser is enabled by default in Jenkins, the specific parser function expandAtFiles can replace the character following the file path in the @ parameter with […]

