What is CVE-2024-23898?

A high-severity vulnerability has been identified in Jenkins, affecting versions 2.217 through 2.441 and LTS versions 2.222.1 through 2.426.2. This vulnerability allows attackers to execute CLI commands on the Jenkins controller through a cross-site WebSocket hijacking. Immediate action is required to mitigate risks.

What is the severity of CVE-2024-23898?

CVE-2024-23898 has a severity rating of HIGH with a CVSS base score of 8.8.

CVE-2024-23898 | High Vulnerability in Jenkins

Jenkins, a widely used automation server, has a high-severity vulnerability designated as CVE-2024-23898. This vulnerability allows attackers to execute CLI commands on the Jenkins controller through cross-site WebSocket hijacking. The affected versions include Jenkins 2.217 through 2.441 and LTS versions 2.222.1 through 2.426.2.

The CVSS score for this vulnerability is 8.8, indicating a high severity level. Organizations utilizing vulnerable versions of Jenkins are at significant risk, as the lack of origin validation for CLI WebSocket requests could be exploited to gain unauthorized access.

Risk to organizations includes potential CLI command execution, leading to severe impacts on confidentiality, integrity, and availability. As such, organizations should prioritize patching immediately.

Exploitation status indicates that a known exploit exists. Organizations must act swiftly to mitigate exposure and potential attacks.

Vulnerability Details

The vulnerability arises from Jenkins not performing origin validation of requests made through the CLI WebSocket endpoint. This design flaw allows attackers to hijack WebSocket connections and execute commands on the Jenkins controller.

The CVSS vector string is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, confirming high confidentiality, integrity, and availability impacts. The vulnerability was published on January 24, 2024.

CWE-346, indicative of a cross-site WebSocket hijacking vulnerability, applies here.

Technical Analysis

The root cause of this vulnerability is the inadequate validation of the origin of WebSocket requests in Jenkins. The attack vector is primarily network-based, requiring low complexity for successful exploitation.

The exploitation requires no special privileges, but user interaction is necessary to initiate the WebSocket connection. This makes the attack feasible against users who are logged into Jenkins.

The impact of exploitation can result in a complete compromise of the Jenkins controller, severely affecting confidentiality, integrity, and availability.

Risk & Impact Analysis

Real-world deployment risk is significant for organizations using the affected Jenkins versions. Attackers can leverage this vulnerability to execute arbitrary commands, potentially leading to data breaches, service disruptions, and compromise of sensitive information.

The urgency for addressing this vulnerability is high, given the potential blast radius and the fact that known exploits exist. Organizations should assess their exposure and prioritize remediation efforts.

Exploitation Status

Signal	Status
Known Exploit	Yes
Public PoC	Yes
Actively Exploited	No
Ransomware Use	No

Affected Versions

The affected versions are Jenkins 2.217 through 2.441 and LTS versions 2.222.1 through 2.426.2. Organizations running these versions should take immediate action to mitigate risks.

Mitigation & Remediation

To mitigate this vulnerability, organizations should upgrade to the latest version of Jenkins. For those unable to upgrade, disabling the CLI WebSocket endpoint can serve as a temporary workaround. Regularly reviewing and applying patches is essential for maintaining security.

Organizations should validate remediation through penetration testing to identify similar weaknesses.

Detection Guidance

Monitoring for unusual WebSocket activity and CLI command execution can help detect potential exploitation. Organizations should review logs for unauthorized access attempts and implement network controls to restrict access to the Jenkins controller.

AppSecure Threat Intelligence Insight

This vulnerability highlights a critical aspect of web application security; proper validation of origins for WebSocket connections is essential. Security teams must remain vigilant in identifying and mitigating similar vulnerabilities in their environments.

To improve security posture, organizations should establish a comprehensive vulnerability management program that includes regular assessments and updates.

Additionally, leveraging tactics such as penetration testing methodology can uncover hidden vulnerabilities.

Finally, understanding the implications of vulnerabilities such as this one ensures proactive measures can be taken to safeguard systems against future threats.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2024-23898: High Vulnerability in Jenkins