clayton@site:~/news$ cat cve-2024-23897-jenkins-jenkins-command-line-interface-cli.log

CVE-2024-23897 — Jenkins Command Line Interface (CLI) Path Traversal Vulnerability

2024-08-19 • CISA Known Exploited Vulnerability

[event] Jenkins Command Line Interface (CLI) contains a path traversal vulnerability that allows attackers limited read access to certain files, which can lead to code execution.

> AFFECTED SOFTWARE

Field	Value
Vendor	Jenkins
Product	Jenkins Command Line Interface (CLI)
CWE	CWE-27
CVE ID	CVE-2024-23897
Date Added	2024-08-19
Due Date	2024-09-09
Ransomware Campaign	Known — this vulnerability has been leveraged in ransomware campaigns

> MITIGATION

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Due Date: 2024-09-09

> REFERENCES

[1] https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3314
[2] https://nvd.nist.gov/vuln/detail/CVE-2024-23897