CVE-2024-23898 — Vulnetix

Try Vulnetix Request Demo

CVE-2024-23898 PUBLISHED

Jenkins 2.217 through 2.441 (both inclusive), LTS 2.222.1 through 2.426.2 (both inclusive) does not perform origin validation of requests made through the CLI WebSocket endpoint, resulting in a cross-site WebSocket hijacking (CSWSH) vulnerability, allowing attackers to execute CLI commands on the Jenkins controller.

EPSS 36.87% · 97.1th percentile

Risk Scores

EPSS Score

36.87%

97.1th percentile

Affected Products

Vendor	Product	Versions
Bitnami	jenkins	2.217.0
Bitnami	jenkins	2.217.0

Timeline

Jan 24, 2024 CVE Published
Jan 26, 2024 CVE Updated
Jan 31, 2024 EPSS Score
Mar 25, 2024 EPSS Score
Apr 21, 2024 EPSS Score
Jun 14, 2024 EPSS Score
Jul 11, 2024 EPSS Score
Sep 3, 2024 EPSS Score
Oct 4, 2024 Coalition ESS Score
Oct 27, 2024 EPSS Score
Nov 23, 2024 EPSS Score
Jan 17, 2025 EPSS Score

References

Open in Interactive Console →