漏洞信息(CVE-2024-23897)

漏洞详情： CVE-2024-23897

漏洞标题

NVD 暂无描述信息

来源：NVD

Jenkins 安全漏洞

来源：CNNVD

漏洞描述

Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.

来源：NVD

Jenkins是Jenkins开源的一个应用软件。一个开源自动化服务器Jenkins提供了数百个插件来支持构建，部署和自动化任何项目。 Jenkins 2.441及之前版本、LTS 2.426.2及之前版本存在安全漏洞，该漏洞源于允许未经身份验证的攻击者读取Jenkins控制器文件系统。

来源：CNNVD

Jenkins 2.441及更早的版本，以及LTS 2.426.2和更早的版本不会禁用其命令行接口（CLI）命令解析器的一个功能，它将一个"@"字符后跟一个文件路径作为参数的内容替换为文件的内容，这使得未经授权的攻击者可以阅读任意文件。

来源：神龙机器人

漏洞评分(CVSS)

NVD 暂无评分

来源：NVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

来源：神龙机器人, 准确率：N/A

漏洞类别

NVD 暂无漏洞类别信息

来源：NVD

其他

来源：CNNVD

情报信息

0x1 POC 情报

Workaround for disabling the CLI to mitigate SECURITY-3314/CVE-2024-23897 and SECURITY-3315/CVE-2024-23898

详情: https://github.com/jenkinsci-cert/SECURITY-3314-3315

None

来源：POC-IN-GITHUB

0x2 POC 情报

CVE-2024-23897 (CVSS 9.8): Critical Jenkins Security Vulnerability, RCE POC

详情: https://github.com/forsaken0127/CVE-2024-23897

None

来源：POC-IN-GITHUB

0x3 POC 情报

None

详情: https://github.com/binganao/CVE-2024-23897

None

来源：POC-IN-GITHUB

0x4 POC 情报

CVE-2024-23897

详情: https://github.com/h4x0r-dz/CVE-2024-23897

None

来源：POC-IN-GITHUB

0x5 POC 情报

CVE-2024-23897 | Jenkins <= 2.441 & <= LTS 2.426.2 PoC and scanner.

详情: https://github.com/xaitax/CVE-2024-23897

None

来源：POC-IN-GITHUB

0x6 POC 情报

None

详情: https://github.com/vmtyan/poc-cve-2024-23897

None

来源：POC-IN-GITHUB

0x7 POC 情报

Scanner for CVE-2024-23897 - Jenkins

详情: https://github.com/yoryio/CVE-2024-23897

None

来源：POC-IN-GITHUB

0x8 POC 情报

CVE-2024-23897 jenkins-cli

详情: https://github.com/CKevens/CVE-2024-23897

None

来源：POC-IN-GITHUB

0x9 POC 情报

on this git you can find all information on the CVE-2024-23897

详情: https://github.com/iota4/PoC-jenkins-rce_CVE-2024-23897

None

来源：POC-IN-GITHUB

0x10 POC 情报

CVE-2024-23897 - Jenkins 任意文件读取利用工具

详情: https://github.com/wjlin0/CVE-2024-23897

None

来源：POC-IN-GITHUB

0x11 POC 情报

This repository presents a proof-of-concept of CVE-2024-23897

详情: https://github.com/Vozec/CVE-2024-23897

None

来源：POC-IN-GITHUB

0x12 POC 情报

详情: https://github.com/raheel0x01/CVE-2024-23897

None

来源：POC-IN-GITHUB

0x13 POC 情报

Jenkins POC of Arbitrary file read vulnerability through the CLI can lead to RCE

详情: https://github.com/viszsec/CVE-2024-23897

None

来源：POC-IN-GITHUB

0x14 POC 情报

None

详情: https://github.com/jopraveen/CVE-2024-23897

None

来源：POC-IN-GITHUB

0x15 POC 情报

PoC for CVE-2024-23897

详情: https://github.com/AbraXa5/Jenkins-CVE-2024-23897

None

来源：POC-IN-GITHUB

0x16 POC 情报

on this git you can find all information on the CVE-2024-23897

详情: https://github.com/iota4/PoC-Fix-jenkins-rce_CVE-2024-23897

None

来源：POC-IN-GITHUB

0x17 POC 情报

CVE-2024-23897 jenkins arbitrary file read which leads to unauthenticated RCE

详情: https://github.com/brijne/CVE-2024-23897-RCE

None

来源：POC-IN-GITHUB

0x18 POC 情报

None

详情: https://github.com/WLXQqwer/Jenkins-CVE-2024-23897-

None

来源：POC-IN-GITHUB

0x19 POC 情报

Nuclei template for CVE-2024-23897 (Jenkins LFI Vulnerability)

详情: https://github.com/kaanatmacaa/CVE-2024-23897

None

来源：POC-IN-GITHUB

0x20 POC 情报

详情: https://github.com/Praison001/CVE-2024-23897-Jenkins-Arbitrary-Read-File-Vulnerability

None

来源：POC-IN-GITHUB

0x21 POC 情报

on this git you can find all information on the CVE-2024-23897

详情: https://github.com/10T4/PoC-Fix-jenkins-rce_CVE-2024-23897

None

来源：POC-IN-GITHUB

0x22 POC 情报

CVE-2024-23897

详情: https://github.com/B4CK4TT4CK/CVE-2024-23897

None

来源：POC-IN-GITHUB

0x23 POC 情报

None

详情: https://github.com/abdomagdy0/CVE-2024-23897-htb

None

来源：POC-IN-GITHUB

0x24 POC 情报

POC for CVE-2024-23897 Jenkins File-Read

详情: https://github.com/godylockz/CVE-2024-23897

None

来源：POC-IN-GITHUB

0x25 POC 情报

Jenkins Arbitrary File Leak Vulnerability [CVE-2024-23897]

详情: https://github.com/ifconfig-me/CVE-2024-23897

None

来源：POC-IN-GITHUB

0x26 POC 情报

Perform with massive Jenkins Reading-2-RCE

详情: https://github.com/ThatNotEasy/CVE-2024-23897

None

来源：POC-IN-GITHUB

0x27 POC 情报

Un script realizado en python para atumatizar la vulnerabilidad CVE-2024-23897

详情: https://github.com/pulentoski/CVE-2024-23897-Arbitrary-file-read

None

来源：POC-IN-GITHUB

0x28 POC 情报

Scraping tool to ennumerate directories or files with the CVE-2024-23897 vulnerability in Jenkins.

详情: https://github.com/Nebian/CVE-2024-23897

None

来源：POC-IN-GITHUB

0x29 POC 情报

This is an exploit script for CVE-2024-23897, a vulnerability affecting certain systems. The script is intended for educational and testing purposes only. Ensure that you have the necessary permissions before using it.

详情: https://github.com/Abo5/CVE-2024-23897

None

来源：POC-IN-GITHUB

0x30 POC 情报

None

详情: https://github.com/TheRedDevil1/CVE-2024-23897

None

来源：POC-IN-GITHUB

0x31 POC 情报

Jenkins CVE-2024-23897: Arbitrary File Read Vulnerability

详情: https://github.com/Athulya666/CVE-2024-23897

None

来源：POC-IN-GITHUB

0x32 POC 情报

[CVE-2024-23897] Jenkins CI Authenticated Arbitrary File Read Through the CLI Leads to Remote Code Execution (RCE)

详情: https://github.com/murataydemir/CVE-2024-23897

None

来源：POC-IN-GITHUB

0x33 POC 情报

None

详情: https://github.com/mil4ne/CVE-2024-23897-Jenkins-4.441

None

来源：POC-IN-GITHUB

0x34 POC 情报

Poc para explotar la vulnerabilidad CVE-2024-23897 en versiones 2.441 y anteriores de Jenkins, mediante la cual podremos leer archivos internos del sistema sin estar autenticados

详情: https://github.com/Maalfer/CVE-2024-23897

None

来源：POC-IN-GITHUB

0x35 POC 情报

Un exploit con el que puedes aprovecharte de la vulnerabilidad (CVE-2024-23897)

详情: https://github.com/Surko888/Surko-Exploit-Jenkins-CVE-2024-23897

None

来源：POC-IN-GITHUB

0x36 POC 情报

CVE-2024-23897 jenkins-cli

详情: https://github.com/3yujw7njai/CVE-2024-23897

None