CVE-2024-23897 Overview
Jenkins 2.441 and earlier and LTS 2.426.2 and earlier do not disable a feature of the args4j command parser used by the Jenkins CLI that replaces an argument consisting of an '@' character followed by a file path with the contents of that file. Because arguments are parsed before the command checks permissions, any attacker who can reach a CLI transport can use this to read files on the Jenkins controller file system: attackers with Overall/Read permission can read entire files, and attackers without it, including unauthenticated ones, can read the first few lines (how many depends on the CLI command used).
Critical Impact
Attackers need no credentials to read the beginning of any file the Jenkins process can open, and users with Overall/Read (which includes anonymous users on controllers that allow anonymous read) can read whole files. The Jenkins advisory points out that the files exposed include the cryptographic keys Jenkins uses to encrypt stored credentials, and that in several common configurations the read can be chained into remote code execution on the controller, for example through Resource Root URLs or the 'Remember me' cookie.
Affected Products
- Jenkins weekly 2.441 and earlier (fixed in 2.442)
- Jenkins LTS 2.426.2 and earlier (fixed in LTS 2.426.3)
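The two version lines above are easy to mix up when triaging a fleet, because an LTS number such as 2.426.2 sorts below a weekly number such as 2.441 while belonging to a different release train. The following is an added example, not code from the original page or from the Jenkins project. It assumes the fixed versions 2.442 (weekly) and 2.426.3 (LTS) from the advisory, that LTS version strings have three numeric components and weekly ones two, and that the controller reports its version in the X-Jenkins response header (which Jenkins sends on its HTTP responses, including the unauthenticated /login page). The function names and the default target URL are mine.

```python
"""Check a Jenkins version against the CVE-2024-23897 fixed releases.

Added example; not code from the original page or from the Jenkins project.
Assumptions: fixed versions are weekly 2.442 and LTS 2.426.3 (from the
advisory); LTS version strings have three components (2.426.2) and weekly
strings two (2.441); the X-Jenkins response header carries the version.
"""
import re
import urllib.error
import urllib.request

WEEKLY_FIXED = (2, 442)
LTS_FIXED = (2, 426, 3)


def parse_version(text):
    """'2.426.2' -> (2, 426, 2). Rejects anything but dotted integers."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"not a Jenkins version string: {text!r}")
    return tuple(int(p) for p in text.split("."))


def is_vulnerable(version):
    """True when the version predates the fix on its own release line."""
    v = parse_version(version)
    if len(v) >= 3:              # x.y.z is an LTS release
        return v < LTS_FIXED
    return v < WEEKLY_FIXED      # x.y is a weekly release


def fetch_version(base_url, timeout=5):
    """Read X-Jenkins from the controller's /login page, which is served
    without authentication. Returns None if the header is missing."""
    url = base_url.rstrip("/") + "/login"
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.headers.get("X-Jenkins")
    except urllib.error.HTTPError as err:
        # Jenkins sets the header on error responses (e.g. 403) as well.
        return err.headers.get("X-Jenkins")


if __name__ == "__main__":
    import sys
    # Hypothetical target; pass the real controller URL as the first argument.
    target = sys.argv[1] if len(sys.argv) > 1 else "http://jenkins-server:8080/"
    reported = fetch_version(target)
    if reported is None:
        print(f"{target}: no X-Jenkins header; cannot tell")
    else:
        state = "VULNERABLE" if is_vulnerable(reported) else "fixed"
        print(f"{target}: Jenkins {reported} -> {state}")
```

A version match is a necessary but not a sufficient finding: a controller on a vulnerable version with CLI access disabled by the advisory's workaround is not exploitable, and a reverse proxy may strip the X-Jenkins header, in which case the script reports that it cannot tell rather than guessing.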
Discovery Timeline
- 2024-01-24 - Jenkins security advisory (SECURITY-3314) and the fixed releases 2.442 and LTS 2.426.3 published; CVE-2024-23897 published to NVD the same day
- 2025-10-24 - Last updated in NVD database
Technical Details for CVE-2024-23897
Vulnerability Analysis
The Jenkins CLI hands each command's arguments to the args4j library for parsing. args4j has an '@-file' feature, enabled by default, under which an argument that starts with '@' is replaced by the lines of the named file, one argument per line. Jenkins did not turn this feature off, so an attacker can pass '@/path/to/file' as an argument to a CLI command; the command then operates on the file's lines as if they were its arguments, and its error messages or output echo them back to the caller.
Root Cause
The root cause is that Jenkins left the args4j '@' file-expansion feature at its default (enabled) setting for every CLI command parser, and the expansion runs before the command's own authorization check, so even callers who would be denied the command still get the file read. The fix in 2.442 and LTS 2.426.3 disables the feature in the parser properties Jenkins passes to args4j.
Attack Vector
This vulnerability is exploitable remotely over any of the CLI's transports: the HTTP endpoint at /cli (including its WebSocket variant) and the SSH CLI server, if enabled. The '@' argument must be passed as an argument to a CLI command, since the expansion is performed by that command's argument parser; commands such as connect-node quote the argument in their error message, which is what discloses the file contents. With the jenkins-cli.jar client:
# Example exploitation command; the controller's error message quotes the first line of /etc/passwd
java -jar jenkins-cli.jar -s http://jenkins-server:8080/ connect-node "@/etc/passwd"
Detection Methods for CVE-2024-23897
Indicators of Compromise
- Requests to the CLI endpoints (POST /cli, usually with ?remoting=false, or GET /cli/ws for the WebSocket transport) and connections to the SSH CLI port from clients that do not normally use the CLI, especially anonymous ones. The '@/path' argument travels in the request body, so it does not appear in URL-based access logs.
- Error responses returned to CLI callers (visible in proxy or WAF captures) that quote file contents, for example lines of /etc/passwd or of a key file, where a node, job or user name was expected
Detection Strategies
File access monitoring is of limited value here because the read is performed by the Jenkins process itself, which legitimately opens its own files; it helps mainly for files outside JENKINS_HOME that Jenkins has no reason to touch. More reliable signals are who talks to the CLI: alert on anonymous or unexpected clients reaching the /cli endpoints or the SSH CLI port, and use network IDS or WAF signatures for the known exploitation pattern on /cli.
Monitoring Recommendations
Regularly review the controller's access logs (or the reverse proxy's) for CLI endpoint hits, correlate them with the authenticated user and source address, and treat any CLI use by anonymous or unexpected clients as suspect. Also check whether anonymous read access is enabled, since Overall/Read turns the partial read into a full file read.
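The detection strategy and monitoring advice above come down to one question: which clients, authenticated as whom, are reaching the CLI endpoints. The following is an added example, not code from the original page or from the Jenkins project, that answers it over access-log lines. It assumes NCSA combined-format lines (what a reverse proxy in front of Jenkins or the built-in access logger writes), that the HTTP CLI transport is reached by POST /cli (typically /cli?remoting=false) and the WebSocket transport by GET /cli/ws, and it uses a constructed sample log; the SSH transport is a separate TCP port and is not visible in HTTP logs at all.

```python
"""Flag Jenkins CLI endpoint usage in HTTP access logs.

Added example; not code from the original page or from the Jenkins project.
Assumptions: lines are in NCSA combined format; the HTTP CLI transport is
reached by POST /cli (typically /cli?remoting=false) and the WebSocket
transport by GET /cli/ws. The '@/path' argument is in the request body, so
it never shows up in these lines; the SSH transport is a separate TCP port
and is not covered by HTTP logs.
"""
import re
from collections import Counter

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
# /cli, /cli?remoting=false and /cli/ws, but not e.g. /cliff or /client
CLI_PATH_RE = re.compile(r"^/cli(/ws)?(\?|$)")


def parse_line(line):
    """Return the fields of one access-log line, or None if it doesn't parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def is_cli_request(rec):
    """True for a parsed record whose path is one of the CLI endpoints."""
    return rec is not None and CLI_PATH_RE.match(rec["path"]) is not None


def cli_findings(lines, allowed_ips=frozenset()):
    """Count CLI requests per (client IP, user) for clients outside the
    allow-list. Anonymous callers appear with user '-'; on an unpatched
    controller those are the ones that matter most."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if is_cli_request(rec) and rec["ip"] not in allowed_ips:
            counts[(rec["ip"], rec["user"])] += 1
    return counts


# Constructed sample log (not real traffic). The two anonymous POSTs from
# 203.0.113.7 have the shape of one HTTP-transport CLI session, which uses
# a pair of POST requests to /cli for its two data directions.
SAMPLE_LOG = """\
10.0.0.5 - ci-bot [24/Jan/2024:10:00:01 +0000] "GET /job/build/lastBuild/api/json HTTP/1.1" 200 812
203.0.113.7 - - [24/Jan/2024:10:00:03 +0000] "POST /cli?remoting=false HTTP/1.1" 200 0
203.0.113.7 - - [24/Jan/2024:10:00:03 +0000] "POST /cli?remoting=false HTTP/1.1" 200 412
10.0.0.9 - admin [24/Jan/2024:10:01:10 +0000] "GET /cli/ws HTTP/1.1" 101 0
10.0.0.5 - ci-bot [24/Jan/2024:10:02:00 +0000] "GET /cliff/report HTTP/1.1" 404 0
"""

if __name__ == "__main__":
    findings = cli_findings(SAMPLE_LOG.splitlines(), allowed_ips={"10.0.0.9"})
    for (ip, user), n in findings.items():
        tag = "ANONYMOUS" if user == "-" else user
        print(f"{ip:<15} {tag:<10} {n} CLI request(s)")
```

The allow-list is for the hosts that legitimately drive the CLI (release automation, admin jump hosts); everything else hitting /cli is worth a look, and an anonymous hit on a controller that was unpatched at the time should be treated as a probable file read.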
How to Mitigate CVE-2024-23897
Immediate Actions Required
- Disable CLI access using the workaround published with the advisory if you cannot update immediately
- Limit network access to the CLI: the /cli HTTP endpoint and the SSH CLI port, which is separate from the web port
- Enforce strong authentication and access controls; in particular, do not grant Overall/Read to anonymous users, since that turns the partial read into a full file read
- If exploitation is suspected, treat Jenkins secrets and stored credentials as compromised and rotate them after patching
Patch Information
Update to Jenkins 2.442 or later (weekly) or LTS 2.426.3 or later. The Jenkins Security Advisory of 2024-01-24 (SECURITY-3314) lists the fixed versions and the related hardening changes.
Workarounds
The workaround published with the advisory disables CLI access with a Groovy script that can be run in the script console for immediate effect and placed in the init.groovy.d directory under JENKINS_HOME so that it survives restarts; it should be removed once the controller is updated. Jenkins' config.xml has no CLI enable/disable element, so editing that file (for example with sed) does not turn the CLI off, and a jenkins.CLI.disabled setting is neither a config.xml element nor the advisory's workaround. Follow the advisory's instructions rather than a config.xml edit.
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

