Several proof-of-concept (PoC) exploits for a recently patched critical vulnerability (CVE-2024-23897) in Jenkins has been made public and there’s evidence of exploitation in the wild. About CVE-2024-23897 Jenkins is a widely used Java-based open-source automation server that helps developers build, test and deploy applications, enabling continuous integration (CI) and continuous delivery (CD). CVE-2024-23897 is an arbitrary file read vulnerability in Jenkins’ built-in command line interface (CLI) that could allow an unauthenticated threat actor with Overall/Read … More

The post Critical Jenkins RCE flaw exploited in the wild. Patch now! (CVE-2024-23897) appeared first on Help Net Security.