CVE-2024-23897: Jenkins CLI Arbitrary File Read Leading to RCE
How a single args4j library feature turned every internet-facing Jenkins server into an unauthenticated file read endpoint — and in some configurations, a full remote code execution vector against your software supply chain
CVE-2024-23897 is a critical arbitrary file read vulnerability in Jenkins, the widely deployed open-source CI/CD server. Found by Sonar's vulnerability research team and disclosed in the Jenkins security advisory of January 24, 2024, the flaw abuses a feature of the args4j argument-parsing library that Jenkins uses for its built-in CLI. Any file on the Jenkins controller's filesystem can be read: the first few lines without authentication, and whole files with nothing more than Overall/Read permission. That includes credential stores, private keys and configuration files. Depending on the controller's configuration, the recovered key material chains to full remote code execution. A compromised Jenkins controller is a software supply chain attack waiting to happen.
Root Cause: args4j @ File Expansion
Jenkins ships a built-in CLI, reachable over HTTP at the /cli endpoint (and optionally over SSH), that administrators and automation tools use to drive the server programmatically. Command arguments are parsed with the args4j library, which has a file expansion feature: when an argument begins with @, the parser reads the named file and splices its lines in as additional command-line arguments.
That feature is a convenience for passing long argument lists via a file, and many CLI tools have one. In Jenkins it was reachable by anyone who could send a CLI request: the expansion happens while arguments are parsed, before the command's own permission check, so an unauthenticated attacker could invoke a CLI command with an @/path/to/any/file argument. File contents are not valid CLI arguments, so the command fails, and its error message echoes the argument it could not accept, which is the first line or first few lines of the file (how many depends on the command used).
Attackers holding Overall/Read permission, which many instances grant to anonymous users, could read whole files. Binary files such as secrets/hudson.util.Secret are read as text, so some bytes are lost, which limits but does not prevent recovery of key material. Either way, JENKINS_HOME holds credential stores, master key material and configuration that must never be externally readable.
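The mechanism in miniature, as an added example that is not Jenkins or args4j code: a toy argument parser with the same two properties, namely that a leading @ turns an argument into the lines of a file and that the command's error message echoes the token it rejected. The command table, file contents and error strings are invented for the demonstration; the real messages differ, but the leak works the same way.

```python
"""Emulation of the args4j '@file' expansion behind CVE-2024-23897.

Added example, not Jenkins or args4j code. It mimics the two facts that
matter: (1) an argument beginning with '@' is replaced by the lines of the
named file, one argument per line, and (2) the command rejects what it
cannot parse and echoes the offending token back to the caller.
"""
import os
import tempfile

KNOWN_COMMANDS = {"help", "who-am-i", "version"}   # toy command table


def expand_at_files(argv, allow_at_syntax):
    """Replace '@path' tokens with the lines of that file.

    allow_at_syntax=True models the pre-fix parser; False models the fix in
    Jenkins 2.442 / LTS 2.426.3, where '@path' stays a literal string and
    no file is opened at all.
    """
    if not allow_at_syntax:
        return list(argv)
    expanded = []
    for arg in argv:
        if arg.startswith("@") and len(arg) > 1:
            with open(arg[1:], encoding="utf-8", errors="replace") as fh:
                expanded.extend(line.rstrip("\r\n") for line in fh)
        else:
            expanded.append(arg)
    return expanded


def help_command(argv, allow_at_syntax=True):
    """Emulate a CLI command taking one optional positional argument.

    Returns (ok, message). Error messages echo the argument that failed
    validation, which is what turns the expansion into a file read.
    """
    args = expand_at_files(argv, allow_at_syntax)
    if not args:
        return True, "usage: help [COMMAND]"
    if args[0] not in KNOWN_COMMANDS:
        return False, f"No such command {args[0]!r}"
    if len(args) > 1:
        return False, f"Unexpected argument {args[1]!r}"
    return True, f"help for {args[0]}"


def demo():
    """Write a constructed stand-in for a key file, then run both parsers."""
    with tempfile.NamedTemporaryFile("w", suffix=".key", delete=False) as fh:
        fh.write("deadbeef0123 constructed stand-in for master.key\nsecond line\n")
        path = fh.name
    try:
        vulnerable = help_command([f"@{path}"], allow_at_syntax=True)
        patched = help_command([f"@{path}"], allow_at_syntax=False)
    finally:
        os.unlink(path)
    return vulnerable, patched


if __name__ == "__main__":
    before, after = demo()
    print("vulnerable:", before[1])   # echoes the file's first line
    print("patched:   ", after[1])    # echoes the literal '@/path' instead
```

The patched branch never opens the file, which is the whole fix: the same request against a patched controller produces an error about a literal @-argument and nothing else.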
Escalation Path: File Read to Remote Code Execution
The arbitrary file read alone is a critical finding, but the escalation path made CVE-2024-23897 exceptional:
**Credential theft**: Jenkins stores credentials in credentials.xml (in JENKINS_HOME, and in folder and job configurations), encrypted with keys derived from secrets/master.key and secrets/hudson.util.Secret. Reading these files and applying Jenkins' publicly documented decryption logic exposes every stored credential in plaintext: cloud keys, SSH private keys, API tokens, VCS passwords. Two caveats: credentials.xml is multi-line, so a complete read needs Overall/Read, and hudson.util.Secret is binary, so the text-based read loses some bytes and the attacker may have to reconstruct it.
**Forged sessions from instance secrets**: The Jenkins security advisory lists several RCE paths that start from the file read. The most general one abuses the 'Remember me' cookie, which is signed with key material the attacker can now read; with Overall/Read permission and 'Remember me' enabled (the default), an attacker can forge a cookie for an administrator account. The other listed paths depend on configuration: a configured Resource Root URL, a CSRF protection bypass, and stored XSS through build logs. Earlier Jenkins CLI bugs relied on Java deserialization over the Remoting-based CLI transport; that transport was removed in Jenkins 2.165 and plays no part here.
**Groovy Script Console**: With stolen or forged administrator access, the Script Console (Manage Jenkins → Script Console) runs arbitrary Groovy inside the controller JVM, which can spawn OS commands as the Jenkins service account. This is the most direct post-credential-theft RCE path.
Attack Chain: From Internet to Supply Chain Compromise
The full exploitation path targeting a CI/CD supply chain:
Identify Internet-Facing Jenkins
Attacker discovers an instance via Shodan, Censys, or targeted recon. The HTTP CLI endpoint (/cli) is available by default (port 8080 for a stand-alone controller) and accepts requests before any command-specific permission check.
Unauthenticated File Read
A CLI command is sent with @/var/jenkins_home/secrets/master.key (the path used by the official container image) as an argument; Jenkins returns the file's first lines in the error response. master.key is a single line of hex, so this read recovers it in full. credentials.xml is multi-line and needs Overall/Read for a complete read, and hudson.util.Secret is binary, so it comes back incomplete and must be reconstructed.
Credential Decryption
Using publicly documented Jenkins credential decryption logic (master.key + hudson.util.Secret), attacker decrypts all credentials stored in credentials.xml — cloud keys, VCS tokens, signing certificates.
Admin Access or Direct RCE
Stolen admin credentials used to authenticate to Jenkins and access Script Console. Groovy payload executes arbitrary OS commands as the Jenkins process user.
Supply Chain Compromise
Attacker modifies build pipeline definitions to inject malicious code into compiled artifacts, poisons container images pushed to registries, or plants backdoors in packages before production deployment.
Why Jenkins Is a Crown Jewel Target
CI/CD servers are uniquely privileged systems. A Jenkins controller routinely holds access to source code repositories, cloud provider credentials for deployment, container registry push credentials, code signing certificates for production binaries, and network access to staging and production environments through build agents.
Compromising a Jenkins controller is structurally similar to a SolarWinds-style supply chain attack: the attacker gains the ability to inject malicious code into software before it reaches end users, signed by the victim organization's own certificates and delivered through trusted update mechanisms. CISA added CVE-2024-23897 to its Known Exploited Vulnerabilities catalog in August 2024 on evidence of active exploitation against production Jenkins servers.
Indicators of Compromise
Detection focuses on anomalous CLI usage patterns and filesystem access:
| Artifact | Source | What to look for |
|---|---|---|
| POST requests to /cli (the HTTP CLI transport sends paired requests sharing a Session header, with the command and arguments in the Side: upload request) whose body contains an @-prefixed absolute path | Reverse proxy or WAF log; a plain access log without request bodies only shows that /cli was hit | Any CLI request body referencing an absolute filesystem path via @ is a direct exploitation attempt; /cli traffic from hosts other than your own automation is suspicious on its own |
| Failed CLI commands whose arguments are @-prefixed paths, or whose error text contains file content | Jenkins application log (jenkins.log), where CLI failures are logged | Argument-parsing errors that echo lines of a file under JENKINS_HOME mean the read succeeded |
| New admin user accounts created via API or UI without a corresponding change management record | Jenkins audit log | Post-exploitation persistence step; check Audit Trail plugin logs for user creation events |
| Script Console executions, especially with base64-encoded or obfuscated Groovy payloads | Jenkins audit log | Legitimate admin Script Console use is rare and should be change-managed; unexpected executions indicate compromise |
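The first row of the table as running detection logic, added here as an example and not taken from the page or from any Jenkins tooling. It assumes the reverse proxy or WAF exports request bodies alongside the usual fields (a plain access log cannot see the @ argument), and it uses an invented allowlist of automation hosts; the request records are constructed sample data.

```python
"""Flag CVE-2024-23897 exploitation attempts in proxy request records.

Added example, not from the original page or the Jenkins project. Jenkins'
HTTP CLI transport (POST /cli?remoting=false) sends paired requests that
share a Session header: one with Side: download and one with Side: upload,
the latter carrying the command and its arguments. This scanner assumes
the proxy or WAF exports request bodies; a plain access log can only show
that /cli was hit. All request records below are constructed.
"""
import re
from dataclasses import dataclass, field

# '@' followed by an absolute POSIX path or a Windows drive path.
AT_PATH = re.compile(r"(?<![\w@])@(?:/\S*|[A-Za-z]:\\\S*)")

# File names that have no business appearing in a CLI argument.
SENSITIVE_NAMES = ("master.key", "hudson.util.Secret", "credentials.xml", "secret.key")

# Assumed allowlist of hosts that legitimately drive the CLI.
TRUSTED_CLI_SOURCES = {"10.0.0.5"}


@dataclass
class Request:
    src_ip: str
    method: str
    path: str
    headers: dict = field(default_factory=dict)
    body: str = ""


def score_request(req):
    """Return the reasons a request looks like CLI abuse (empty if clean)."""
    reasons = []
    if not req.path.startswith("/cli"):
        return reasons
    if req.src_ip not in TRUSTED_CLI_SOURCES:
        reasons.append("CLI endpoint hit from untrusted source")
    # Only the upload side carries the command line.
    if req.headers.get("Side", "").lower() == "upload":
        for match in AT_PATH.finditer(req.body):
            reasons.append(f"'@' file expansion argument: {match.group(0)}")
        for name in SENSITIVE_NAMES:
            if name in req.body:
                reasons.append(f"argument references {name}")
    return reasons


def scan(requests):
    """Return (src_ip, session, reasons) for every flagged request."""
    alerts = []
    for req in requests:
        reasons = score_request(req)
        if reasons:
            alerts.append((req.src_ip, req.headers.get("Session"), reasons))
    return alerts


# Constructed sample traffic: one legitimate automation call, one attempt.
SAMPLE_REQUESTS = [
    Request("10.0.0.5", "POST", "/cli?remoting=false",
            {"Session": "a1", "Side": "upload"}, "who-am-i"),
    Request("203.0.113.7", "POST", "/cli?remoting=false",
            {"Session": "b2", "Side": "download"}),
    Request("203.0.113.7", "POST", "/cli?remoting=false",
            {"Session": "b2", "Side": "upload"},
            "connect-node @/var/jenkins_home/secrets/master.key"),
    Request("203.0.113.9", "GET", "/job/app/1/console"),
]

if __name__ == "__main__":
    for src, session, reasons in scan(SAMPLE_REQUESTS):
        print(src, session, "; ".join(reasons))
```

The source allowlist matters as much as the body match: after patching, the @ signature disappears from a successful exploit attempt (it becomes a harmless literal), but an untrusted host talking to /cli at all still deserves an alert.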
Remediation
Steps in order of urgency:
Update Jenkins to weekly 2.442 or LTS 2.426.3, or any later release
The fix disables args4j's @ file expansion in the CLI argument parser. It can be re-enabled with the hudson.cli.CLICommand.allowAtSyntax Java system property; make sure nobody has set it. Verify the running version at Manage Jenkins → About Jenkins, or from the X-Jenkins header that the controller returns on HTTP responses. LTS lines older than 2.426 receive no fix and must be upgraded, not patched in place.
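A version check that applies the advisory's fix versions correctly, added here as an example (not a Jenkins-provided tool). It distinguishes weekly releases (two components) from LTS releases (three components), treats the re-enable property as a finding, and includes an optional network probe that reads the X-Jenkins response header; the property names and fix versions are real, the sample version strings are constructed.

```python
"""Assess whether a Jenkins controller is patched for CVE-2024-23897.

Added example, not from the page or the Jenkins project. Fix versions are
those of the Jenkins advisory of 2024-01-24: weekly 2.442 and LTS 2.426.3.
Every later release in either line carries the fix. Setting the Java
system property hudson.cli.CLICommand.allowAtSyntax=true turns the
vulnerable behaviour back on, so a patched version alone is not enough.
"""
FIXED_WEEKLY = (2, 442)
FIXED_LTS = (2, 426, 3)
REENABLE_PROPERTY = "hudson.cli.CLICommand.allowAtSyntax"


def parse_version(text):
    """'2.426.3' -> (2, 426, 3). Weekly releases have two components."""
    parts = tuple(int(p) for p in text.strip().split("."))
    if len(parts) not in (2, 3) or parts[0] != 2:
        raise ValueError(f"unrecognised Jenkins version {text!r}")
    return parts


def is_fixed_version(text):
    """True if the version is at or beyond the advisory's fix release."""
    version = parse_version(text)
    if len(version) == 2:            # weekly line
        return version >= FIXED_WEEKLY
    # LTS: tuple comparison orders 2.414.3 < 2.426.3 <= 2.440.1 <= 2.452.1,
    # which matches the advisory (older LTS lines received no fix).
    return version >= FIXED_LTS


def assess(version, system_properties=None):
    """Combine version state with the re-enable property into a verdict."""
    props = system_properties or {}
    if not is_fixed_version(version):
        return "vulnerable: upgrade to 2.442 / LTS 2.426.3 or later"
    if props.get(REENABLE_PROPERTY, "false").strip().lower() == "true":
        return f"vulnerable: fix present but re-enabled via {REENABLE_PROPERTY}"
    return "patched"


def report_version(base_url, timeout=5):
    """Read the X-Jenkins header from a live controller (needs network).

    Jenkins sets the header on ordinary responses and on the 403 it returns
    when anonymous access is denied, so both paths are handled.
    """
    import urllib.error
    import urllib.request
    try:
        with urllib.request.urlopen(base_url, timeout=timeout) as resp:
            return resp.headers.get("X-Jenkins")
    except urllib.error.HTTPError as err:
        return err.headers.get("X-Jenkins")


if __name__ == "__main__":
    # Constructed inputs; replace with report_version("https://jenkins.example")
    # and the controller's JVM system properties for a real check.
    for sample in ("2.441", "2.442", "2.426.2", "2.426.3", "2.440.1"):
        print(sample, "->", assess(sample))
    print("2.426.3 with property ->",
          assess("2.426.3", {REENABLE_PROPERTY: "true"}))
```

The system properties come from the controller's JVM arguments (for example the service unit or container command line), which is where an administrator might have added the re-enable flag to keep an old automation script working.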
Disable the CLI as an emergency compensating control
If immediate patching is not possible, apply the workaround the Jenkins security team published with the advisory: a Groovy init script in the jenkinsci-cert/SECURITY-3314-3315 GitHub repository that disables CLI access on the controller. Current Jenkins releases have no UI checkbox for the HTTP CLI; the old 'CLI over Remoting' setting belonged to a transport that was removed years ago. Also deny the /cli path at the reverse proxy. The SSH CLI, if enabled, runs the same commands through the same parser, so blocking /cli alone is not a complete workaround. Together these remove the attack surface while patching is coordinated.
Rotate all credentials stored in Jenkins
Assume all credentials in Jenkins credential stores are compromised if the instance was internet-facing before patching. Rotate every stored secret: AWS/GCP/Azure keys, SSH private keys, API tokens, VCS credentials, and code signing certificates. Revoke the old values before rotating.
Regenerate the Jenkins master key and instance secrets
secrets/master.key and secrets/hudson.util.Secret together protect every stored credential; if an attacker read them, everything encrypted under them is exposed, and the instance secret (secret.key in JENKINS_HOME), which underpins signed tokens such as the Remember me cookie, is compromised as well. Jenkins offers no one-click rotation. The practical procedure is to regenerate: stop Jenkins, move the old key files out of JENKINS_HOME, start Jenkins (it creates fresh key material when the files are absent), then re-enter every credential, because nothing encrypted under the old key is readable afterwards. That is why this step comes after rotating the credentials themselves, and it invalidates existing sessions and Remember me cookies, which is desirable here.
Isolate Jenkins behind VPN or IP allowlist
Jenkins should not be directly internet-accessible. Place it behind a VPN, bastion host, or strict IP allowlist restricted to known CI/CD infrastructure IPs. This eliminates unauthenticated network-level access for this and future vulnerabilities.
Audit build pipeline configurations for unauthorized modifications
If compromise is suspected, review all Jenkinsfile and pipeline configurations for added build steps, unexpected script executions, or artifact tampering. Treat any artifact built during the potential compromise window as untrusted until audited.
The bottom line
CVE-2024-23897 is the nightmare scenario for software supply chain security: an unauthenticated file read in the system that holds the credentials and pipeline control for an organization's entire software delivery process. The path from 'read any file' to 'modify production binaries' is four steps and needs no specialized tooling beyond a Jenkins CLI client or an HTTP client that can speak to /cli. Any organization running Jenkins must treat the January 2024 fix (weekly 2.442, LTS 2.426.3) as an emergency update and conduct a credential audit regardless of whether active exploitation was confirmed.
Frequently asked questions
Does CVE-2024-23897 require authentication?
The first few lines of any file are readable by unauthenticated users by default. Reading whole files requires Overall/Read permission, but many Jenkins instances grant anonymous users that permission. The partial read is still severe on its own: master.key is a single line, and the opening lines of configuration files and private keys already reveal a great deal.
Which Jenkins versions contain the fix?
CVE-2024-23897 is fixed in Jenkins weekly 2.442 and LTS 2.426.3, and in every later release of either line (LTS 2.440.1 and onward include it). LTS lines older than 2.426 received no backported fix, so an instance on 2.414.x or earlier must move to a current LTS, not to a later patch release of its own line.
Are managed CI/CD platforms affected?
GitHub Actions, GitLab CI and CircleCI are not Jenkins and are not affected. Products built on Jenkins, such as CloudBees CI, inherited the flaw and shipped their own fixed releases; if you run a vendor distribution, follow that vendor's advisory rather than assuming the hosted model protects you. Jenkins itself offers no jenkins.io-hosted service, so a Jenkins instance you did not build yourself is still someone's self-hosted Jenkins.
Sources & references
Jenkins Security Advisory 2024-01-24 (SECURITY-3314 / CVE-2024-23897, SECURITY-3315 / CVE-2024-23898): https://www.jenkins.io/security/advisory/2024-01-24/
Jenkins security team workaround (CLI disabling init script): https://github.com/jenkinsci-cert/SECURITY-3314-3315
Sonar vulnerability research, "Excessive Expansion: Uncovering Critical Security Vulnerabilities in Jenkins" (January 2024)
Founder & Cybersecurity Evangelist, Decryption Digest