Jenkins Command Line Interface (CLI) Path Traversal Vulnerability

Added Aug. 19, 2024 • Due Sept. 9, 2024 • CVE-2024-23897

Overdue Jenkins / Jenkins Command Line Interface (CLI) Known Ransomware Use CWE-27

Description

Jenkins Command Line Interface (CLI) contains a path traversal vulnerability that allows attackers limited read access to certain files, which can lead to code execution.

Required Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

References

https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3314
https://nvd.nist.gov/vuln/detail/CVE-2024-23897

Additional Information

Catalog Version: 2025.01.24
Catalog Released: Jan. 24, 2025
Days Until Due: 0 days
Last Updated: 6 months, 3 weeks ago