Jenkins with no login — CVE-2024-23897
TL;DR
What: A flaw in the Jenkins CLI lets an attacker read files on the Jenkins server using a special “@file” trick in command arguments. In many setups, this works without logging in (unauthenticated), though it may initially reveal only the firs...
blog.interintender.com | 4 min read