{
  "claim": {
    "argus_claim_ref": null,
    "attacker_control": null,
    "claimed_surface": "api_remote",
    "expected_impact": "code_execution",
    "finding_id": null,
    "id": null,
    "required_entrypoint_detail": null,
    "required_entrypoint_kind": "cli_command",
    "submission_reason": "ticket_derived",
    "trigger_class": null,
    "upstream_verdicts": null
  },
  "latest_description": "## Summary\nJenkins core CLI uses args4j’s `expandAtFiles` feature to replace arguments prefixed with `@` with file contents. In Jenkins 2.441 and earlier (weekly) and 2.426.2 and earlier (LTS), this feature is enabled by default, allowing unauthenticated attackers to read the first few lines of arbitrary files and users with Overall/Read permission to read entire files. Leaked secrets can enable further compromise, including RCE.\n\n## Affected Package\n- **Product:** Jenkins (core)\n- **Ecosystem:** generic\n- **Vulnerable Versions:** weekly <= 2.441; LTS <= 2.426.2\n- **Patched Versions:** 2.442; 2.426.3; 2.440.1\n\n## Details\nJenkins’ CLI command parser (args4j) supports an `@`-file expansion feature (`expandAtFiles`) that replaces any argument starting with `@` with the file’s contents, split into lines. Because Jenkins did not disable this feature, CLI commands that echo or include arguments in error messages can inadvertently disclose arbitrary file contents from the controller filesystem.\n\nImpact differs by permissions:\n- **Unauthenticated users:** can read the first few lines of arbitrary files using CLI commands accessible to anonymous users.\n- **Users with Overall/Read:** can read entire files. Leaked secrets (keys, tokens, remember-me secrets) can enable privilege escalation and RCE (e.g., via resource root URL or forged cookies/tokens as described in the vendor advisory).\n\nJenkins fixed this by disabling `@`-file expansion in the CLI parser by default. The feature can be re-enabled via `-Dhudson.cli.CLICommand.allowAtSyntax=true` (strongly discouraged). Disabling CLI access is a recommended workaround if an upgrade is not immediately possible.\n\n## Reproduction Steps\n**Environment Setup**\n1. Install Jenkins 2.441 (weekly) or 2.426.2 (LTS) on a test system.\n2. Ensure the CLI is enabled (default).\n3. Ensure a user has **Overall/Read** permission, or enable anonymous read access (Manage Jenkins → Security).\n\n**Steps (read a local file via CLI)**\n1. Download the CLI jar:\n   ```bash\n   curl -O http://localhost:8080/jnlpJars/jenkins-cli.jar\n   ```\n2. Execute a CLI command that will include arguments in error output (e.g., `connect-node`):\n   ```bash\n   java -jar jenkins-cli.jar -s http://localhost:8080 -auth reader:API_TOKEN connect-node \"@/etc/passwd\"\n   ```\n   *(If anonymous read is enabled, omit `-auth`.)*\n3. Observe the CLI output/error messages; each line of `/etc/passwd` is treated as an argument and echoed in error output when Jenkins fails to connect to a node with that name.\n\n## Indicators of Success\n- CLI output includes lines from the targeted file (e.g., `/etc/passwd`) proving arbitrary file read on the Jenkins controller.\n\n## Mitigations\n- Upgrade to Jenkins 2.442, LTS 2.426.3, or LTS 2.440.1.\n- If upgrade is not possible, **disable CLI access** (workaround documented by Jenkins).\n\n## Notes\n- Reading binary files is limited by the controller’s default character encoding (UTF-8 makes some bytes unreadable; Windows-1252 may allow more complete reads).\n",
  "product": "generic:jenkins",
  "severity": "critical",
  "status": "open",
  "summary": "Jenkins CLI argument parsing expands @<path> into file contents, enabling unauthenticated or low-privilege users to read arbitrary files on the controller and potentially escalate to RCE via leaked secrets.",
  "ticket_id": "CVE-2024-23897"
}