Jenkins Arbitrary File Read Vulnerability | CVE-2024-23897 PoC 

The SecOps Group

Jenkins is an open-source automation server.
Jenkins uses the args4j library to parse command arguments and options on the Jenkins controller when processing CLI commands. This command parser has a feature (expandAtFiles) that replaces an @ character followed by a file path in an argument with the file's contents, which allows attackers to read arbitrary files from the Jenkins server.
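A simplified model of that behaviour, as an added example that is not code from Jenkins, args4j or the video: `expand_at_files`, `handle_cli_request` and the `at_syntax` switch are hypothetical names, and the temp file is constructed sample data. It runs the same client-supplied argument through a handler with expansion on and with expansion off.

```python
import os
import tempfile


def expand_at_files(args, at_syntax=True):
    """Toy model of @-file expansion: '@<path>' becomes the lines of <path>."""
    if not at_syntax:
        # Hardened form: '@...' is kept as an ordinary literal string.
        return list(args)
    expanded = []
    for arg in args:
        if arg.startswith("@") and len(arg) > 1:
            # The parser opens the file with the privileges of the
            # process doing the parsing, not those of the caller.
            with open(arg[1:], encoding="utf-8") as fh:
                expanded.extend(fh.read().splitlines())
        else:
            expanded.append(arg)
    return expanded


def handle_cli_request(args, at_syntax):
    """Hypothetical server-side handler that echoes an unknown item name."""
    parsed = expand_at_files(args, at_syntax)
    return "No such item: " + " ".join(parsed)


def demo():
    # Constructed sample: a temp file standing in for a file on the server.
    fd, path = tempfile.mkstemp(text=True)
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            fh.write("constructed-controller-secret\n")
        client_args = ["@" + path]
        weak = handle_cli_request(client_args, at_syntax=True)
        hardened = handle_cli_request(client_args, at_syntax=False)
    finally:
        os.remove(path)
    return weak, hardened, path


if __name__ == "__main__":
    weak, hardened, _ = demo()
    print("expansion on :", weak)
    print("expansion off:", hardened)
```

With expansion on, the response contains the file's content; with it off, the response contains only the literal argument the client sent.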
The SecOps Group is a globally recognized IT security company with extensive and varied experience in providing cybersecurity consultancy and education services. At The SecOps Group, we believe that security is a continuous process, which has to progress with time and in accordance with customer needs and constantly evolving threats. Our core business comprises two units:
1. Consultancy:
Pentesting and Advisory
The SecOps Group are cybersecurity experts offering CREST-accredited security consultancy services.
2. Education:
Pentesting Exams
Through our exams, we provide an authentic and credible certification that is modern, relevant, and represents real-life business risks.
For business: secops.group/
#information #infosec #bugbounty #devops #cybersecurity #devsecops

Published: 5 Feb 2024
