Endpoint Vulnerability

Security Vulnerabilities fixed in Jenkins 2024-01-24

Description

File inclusion via '@', missing origin validation, timing attack, CSP disable allow attackers to read/modify files, execute commands, hijack sessions, XSS/XXE, Jenkins core <=2.441/LTS<=2.426.2, Git server <=99.va_0826a_b_cdfa_d, Matrix <=822.v01b_8c85d16d2, GitLab <=684.vea_fa_7c1e2fe3.

Outbreak Alert

Cyber threat actors target Jenkins Arbitrary File Read vulnerability (CVE-2024-23897) in ransomware attacks. FortiGuard Labs continues to see active attack telemetry targeting the vulnerability.

View the full Outbreak Alert Report

Affected Applications

Jenkins

Version Updates

Date	Version	Status	Detail
2024-02-01	1.00623	Modified	Jenkins
2024-01-31	1.00622	Modified	Jenkins
2024-01-30	1.00621	New	Jenkins

References

https://www.jenkins.io/security/advisory/2024-01-24/

ID	5566
Created	Jan 30, 2024
Description Updated	Feb 13, 2026
CVE ID
Tags	Jenkins RCE Threat Signal
Risk
Coverage	FortiClient
OS	Windows
Vendor	Jenkins
Patch	manual
Application	Jenkins

Protect

Detect

Respond

Recover

Identify

Network Security

Cloud & Application Security

Endpoint Security

Security Operations

Endpoint Vulnerability

Security Vulnerabilities fixed in Jenkins 2024-01-24

Description

Outbreak Alert

Affected Applications

Version Updates

References

Research Center

Services

Protect

Detect

Respond

Recover

Identify

Network Security

Cloud & Application Security

Endpoint Security

Security Operations

Threat Intelligence Center

Support Center

Resource Center

About

Endpoint Vulnerability

Security Vulnerabilities fixed in Jenkins 2024-01-24

Description

Outbreak Alert

Affected Applications

Version Updates

References

Threat Intelligence
Center