Jenkins with no login — CVE-2024-23897
TL;DR What: A flaw in the Jenkins CLI lets an attacker read files on the Jenkins server using a special “@file” trick in command arguments. In many setups, this works without logging in (unauthenticated), though it may initially reveal only the firs...
Sep 13, 2025


