Jul893 Patched Page

The flaw lies in how the CLI handles the @ character followed by a file path. In args4j, this syntax is a standard feature intended to load arguments from a file (similar to shell expansion).

Reading /etc/passwd from the server.

java -jar jenkins-cli.jar -s http://target-jenkins/ -webSocket help "@/etc/passwd"

If vulnerable, the Jenkins controller reads /etc/passwd and attempts to use the content of that file as arguments for the help command. The error message or output returned to the attacker will contain the contents of /etc/passwd.

Even if authentication is required, the file read occurs before the CLI command is fully executed in some contexts, or the error messages leak enough data to compromise the system. An attacker can use the standard java -jar jenkins-cli.jar or a custom socket script to exploit this.
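
The sketch below is an added example, not code from Jenkins or args4j. It models the "@file" expansion described above and shows why an error message ends up carrying file content, next to the same handler with expansion turned off. The function names, the error strings and the sample file are all constructed for illustration.

```python
import os
import tempfile

def expand_args(args, allow_at_syntax):
    """Model of '@file' expansion: '@path' is replaced by the file's lines."""
    out = []
    for arg in args:
        if allow_at_syntax and arg.startswith("@") and len(arg) > 1:
            with open(arg[1:], encoding="utf-8") as fh:
                out.extend(line.rstrip("\n") for line in fh)
        else:
            out.append(arg)  # kept as a literal string, no file access
    return out

def run_help(args, allow_at_syntax):
    """Hypothetical 'help [COMMAND]' handler that accepts at most one argument."""
    expanded = expand_args(args, allow_at_syntax)
    if len(expanded) > 1:
        # The surplus argument came from the file, so the error echoes file data.
        return "ERROR: Too many arguments: " + expanded[1]
    if expanded:
        return "ERROR: No such command " + expanded[0]
    return "usage: help [COMMAND]"

def demo():
    # Constructed sample file standing in for a sensitive server-side file.
    with tempfile.NamedTemporaryFile("w", suffix=".txt", delete=False) as fh:
        fh.write("line-one-constructed\nline-two-constructed\n")
        path = fh.name
    try:
        vulnerable = run_help(["@" + path], allow_at_syntax=True)
        hardened = run_help(["@" + path], allow_at_syntax=False)
    finally:
        os.unlink(path)
    return path, vulnerable, hardened

if __name__ == "__main__":
    path, vulnerable, hardened = demo()
    print("expansion on :", vulnerable)
    print("expansion off:", hardened)
```

With expansion off, the argument is reported back as the literal string the caller sent, so nothing read from disk reaches the response.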