MEIFP – Most Exploited Internet-Facing Products

Jenkins Project

Products: Jenkins

40.6

Score

CVEs

Active

PoC

KEV

#68

Rank

Period:

Product:

CVE ID	Published	CVSS	Exploit	KEV	AC	PR	Auto	Score(hover)	Affected Products	Description
CVE-2024-23897	2024-01-24	9.8v3.1	ACTIVE		Low	None	YES	40.6	Jenkins	Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.

Each CVE: 10 pts base (Active only), boosted by:

KEV×2.0AC: Low×1.2PR: None×1.3PR: Low×1.1Auto×1.3