# Jenkins

[HackTricks](https://cloud.hacktricks.wiki/en/pentesting-ci-cd/jenkins-security/index.html) includes a section useful for exploring Jenkins vulnerabilities.

[pwn_jenkins](https://github.com/gquere/pwn_jenkins) is a GitHub repository that also provides information about Jenkins vulnerabilities.

[CVE-2024-23897](https://www.cve.org/CVERecord?id=CVE-2024-23897) is a vulnerability in Jenkins 1.606-2.442 that allows arbitrary file retrieval by an unauthenticated client. Metasploit has a module that exploits it, `auxiliary/gather/jenkins_cli_ampersand_arbitrary_file_read`.