CISA has added CVE-2024-23897, a severe security flaw affecting Jenkins' Command Line Interface, to its list of Known Exploited Vulnerabilities, urging organizations to secure their systems.
Yaniv Nizry, a researcher at SonarSource, emphasized the potential risk posed by the vulnerability, given Jenkins' significant market share and wide usage among developers in CI/CD.
The security vulnerability allows attackers to exploit a weakness in the args4j command parser, leading to remote code execution and potential unauthorized access to files on Jenkins servers.
Although a fix was issued in January, organizations running Jenkins are advised to ensure the security of their servers as the flaw was publicly disclosed and actively exploited.