On January 24, 2024, the Jenkins project team published a security advisory notifying users of two critical vulnerabilities, CVE-2024-23897 and CVE-2024-23898, affecting versions of Jenkins prior to Jenkins 2.441 and earlier, LTS 2.426.2. These vulnerabilities could allow unauthenticated remote attackers to execute arbitrary code on Jenkins servers.