Exploit for #VU85786 Improper access control in Jenkins and Jenkins LTS

Published: 2024-01-29 | Updated: 2024-04-05

Vulnerability identifier: #VU85786

Vulnerability risk: High

CVSSv3.1: 9.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C]

CVE-ID: CVE-2024-23897

CWE-ID: CWE-284

Exploitation vector: Network

Exploits in database: 6

April 5, 2024
- CVE-2024-23897 [Github]
March 28, 2024
- Jenkins cli Ampersand Replacement Arbitrary File Read [Metasploit]
March 22, 2024
- CVE-2024-23897 [Github]
March 4, 2024
- CVE-2024-23897 [Github]
February 27, 2024
- CVE-2024-23897 [Github]
January 29, 2024
- CVE-2024-23897 [Github]

Impact: Code execution

Vulnerable software:
Jenkins
Server applications / Application servers
Jenkins LTS
Server applications / Application servers

Vendor: Jenkins