VYPR
High severityNVD Advisory· Published Jan 24, 2024· Updated Jun 20, 2025

CVE-2024-23898

CVE-2024-23898

Description

Jenkins 2.217 through 2.441 (both inclusive), LTS 2.222.1 through 2.426.2 (both inclusive) does not perform origin validation of requests made through the CLI WebSocket endpoint, resulting in a cross-site WebSocket hijacking (CSWSH) vulnerability, allowing attackers to execute CLI commands on the Jenkins controller.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.jenkins-ci.main:jenkins-coreMaven
>= 2.217, < 2.426.32.426.3
org.jenkins-ci.main:jenkins-coreMaven
>= 2.427, < 2.4422.442

Affected products

4

Patches

Vulnerability mechanics

References

7

News mentions

1