It is now crucial to update to the latest Jenkins versions. Proof-of-concept (PoC) exploit code targeting a critical vulnerability patched last week is now publicly available.
Tracked as CVE-2024-23897 and affecting Jenkins versions before 2.442 and LTS 2.426.3, the security defect exists because the open source automation server’s command parser has a feature that replaces a ‘@’ character followed by a file path in an argument with the file’s contents.
Authenticated attackers can obtain the complete contents of files by using the PoC code.
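The '@'-file expansion behaviour described above can be reproduced with a comparable feature in Python's `argparse` (`fromfile_prefix_chars`). This is an added illustration, not Jenkins code or the PoC; the parser name `toy-cli`, the `job_names` argument and the file contents are constructed for the example.

```python
import argparse
import os
import tempfile


def build_parser(expand_at_files: bool) -> argparse.ArgumentParser:
    """Build a toy CLI parser (hypothetical, not Jenkins's parser).

    With expand_at_files=True, an argument of the form '@<path>' is replaced
    by the lines of that file before normal parsing takes place.
    """
    prefix = "@" if expand_at_files else None
    parser = argparse.ArgumentParser(prog="toy-cli", fromfile_prefix_chars=prefix)
    parser.add_argument("job_names", nargs="*")
    return parser


def parse(argv, expand_at_files):
    """Return the positional values the command handler would receive."""
    return build_parser(expand_at_files).parse_args(argv).job_names


def demo():
    """Parse the same '@<path>' argument with expansion on and off."""
    with tempfile.TemporaryDirectory() as tmp:
        # Constructed stand-in for a file readable by the server process.
        path = os.path.join(tmp, "constructed.txt")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write("constructed-line-1\nconstructed-line-2\n")
        arg = "@" + path
        expanded = parse([arg], expand_at_files=True)   # file content becomes data
        literal = parse([arg], expand_at_files=False)   # argument stays a string
        return expanded, literal, arg


if __name__ == "__main__":
    expanded, literal, arg = demo()
    print("expansion on :", expanded)
    print("expansion off:", literal)
```

With expansion on, the command handler never sees the '@' argument, only the file's contents, so anything that later echoes or stores its arguments carries that content with it.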