diff --git a/lib/compute/jenkins-main-node.ts b/lib/compute/jenkins-main-node.ts
index 6948567..189fe9e 100644
--- a/lib/compute/jenkins-main-node.ts
+++ b/lib/compute/jenkins-main-node.ts
@@ -265,6 +265,11 @@ export class JenkinsMainNode {
 + ' instance_id=`curl -f -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/instance-id` && echo $ami_id &&'
 + ` aws ec2 --region ${stackRegion} modify-instance-metadata-options --instance-id $instance_id --http-put-response-hop-limit 2`),
 
+ // Jenkins CVE https://www.jenkins.io/security/advisory/2024-01-24/ mitigation
+ InitCommand.shellCommand('mkdir -p /var/lib/jenkins/init.groovy.d'),
+ // eslint-disable-next-line max-len
+ InitCommand.shellCommand('sudo curl -SL https://raw.githubusercontent.com/jenkinsci-cert/SECURITY-3314-3315/1363970ecc33a6b94620f2167d4a301fcf46bd36/disable-cli.groovy -o /var/lib/jenkins/init.groovy.d/disable-cli.groovy'),
+
 // Configuration to proxy jenkins on :8080 -> :80
 InitFile.fromString('/etc/httpd/conf.d/jenkins.conf',
 httpConfigProps.useSsl
diff --git a/test/compute/jenkins-main-node.test.ts b/test/compute/jenkins-main-node.test.ts
index 650f2fb..ab588d4 100644
--- a/test/compute/jenkins-main-node.test.ts
+++ b/test/compute/jenkins-main-node.test.ts
@@ -26,7 +26,7 @@ describe('JenkinsMainNode Config Elements', () => {
 
 // THEN
 test('Config elements expected counts', async () => {
- expect(configElements.filter((e) => e.elementType === 'COMMAND')).toHaveLength(20);
+ expect(configElements.filter((e) => e.elementType === 'COMMAND')).toHaveLength(22);
 expect(configElements.filter((e) => e.elementType === 'PACKAGE')).toHaveLength(9);
 expect(configElements.filter((e) => e.elementType === 'FILE')).toHaveLength(4);
 });
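Review bot: The `sudo curl -SL` download of disable-cli.groovy has no `-f`, so an HTTP error from raw.githubusercontent.com still exits 0 and leaves the error body in `/var/lib/jenkins/init.groovy.d/`. The instance would then come up with the mitigation missing and no failed init step to show it. Use `sudo curl -fSL …`, as the metadata call in the context lines above already does, or vendor the script into the repo and write it with `InitFile.fromFileInline(...)` so the mitigation does not depend on a network fetch at boot. Pinning the URL to a full commit hash is good; a comment such as `// Workaround for SECURITY-3314/3315: remove once Jenkins is upgraded to a fixed release` would tell maintainers when it can go. The init list starts and continues outside this hunk, so confirm these commands run before Jenkins first starts, since init.groovy.d scripts only take effect at startup.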
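Review bot: The updated assertion only checks that the COMMAND count is 22, so the test would still pass if the disable-cli download were dropped and some unrelated command added in its place. Add an assertion that one COMMAND element references `/var/lib/jenkins/init.groovy.d/disable-cli.groovy`, so that removing the mitigation fails the test. The shape of `configElements` entries beyond `elementType` is not visible here, so the exact matcher has to be chosen against the real object. The describe block starts and ends outside the hunk.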