Jenkins Core Remote Code Execution Vulnerability (CVE-2024-23897)

Jenkins has addressed a critical severity vulnerability (CVE-2024-23897) affecting Jenkins Core. Successful exploitation of the vulnerability may allow an attacker to perform remote code execution on target systems. The vulnerability is being exploited in the wild. Many threat researchers have released the PoC for the vulnerability.

Jenkins Server Memory Corruption Vulnerability (CVE-2019-17638)

Overview Jenkins recently released updates for the critical memory corruption vulnerability (CVE-2019-17638) in the Jetty web server. Successful exploitation of this vulnerability may allow unauthenticated users to obtain sensitive information through HTTP response headers. Jenkins is typically run as a standalone application in its own process with the built-in Java servlet container or application server … Continue reading “Jenkins Server Memory Corruption Vulnerability (CVE-2019-17638)”