CVE-2024-23897

Description: Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.

Link: Visit the GitHub Repository

Language: Python

Owner: Marouane133

Stars: 0

Forks: 0