Jenkins Origin Validation Error Vulnerability - CVE-2024-23898 - Vulnerability Database

Jenkins Origin Validation Error Vulnerability - CVE-2024-23898

High

Reference: CVE-2024-23898

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2024-23898

Title: Jenkins Origin Validation Error Vulnerability

Overview:

Jenkins 2.217 through 2.441 (both inclusive) LTS 2.222.1 through 2.426.2 (both inclusive) does not perform origin validation of requests made through the CLI WebSocket endpoint resulting in a cross-site WebSocket hijacking (CSWSH) vulnerability allowing attackers to execute CLI commands on the Jenkins controller.