VYPR
Critical severity · CISA KEV · NVD Advisory · Published Jan 24, 2024 · Updated Oct 21, 2025

CVE-2024-23897

Description

Jenkins 2.441 and earlier, and LTS 2.426.2 and earlier, do not disable a feature of the CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package                                    Affected versions      Patched versions
org.jenkins-ci.main:jenkins-core (Maven)   >= 1.606, < 2.426.3    2.426.3
org.jenkins-ci.main:jenkins-core (Maven)   >= 2.427, < 2.440.1    2.440.1
org.jenkins-ci.main:jenkins-core (Maven)   >= 2.441, < 2.442      2.442
