Associated vulnerability
Title:
Jenkins GitBucket Plugin security vulnerability
(CVE-2024-28157)
Description: Jenkins and Jenkins Plugin are both products of the open-source Jenkins project. Jenkins is an open-source automation server that provides hundreds of plugins to support building, deploying and automating any project. Jenkins GitBucket Plugin 0.8 and earlier does not sanitize GitBucket URLs on build views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs.
Description
Proof of Concept for CVE-2024-28157
Introduction
# PoC CVE-2024-28157
### Overview
Jenkins **GitBucket** Plugin version 0.8 and earlier does not sanitize GitBucket
URLs on build views, resulting in a stored **cross-site scripting (XSS)** vulnerability
exploitable by attackers able to configure jobs. Because the payload is stored in the job
configuration, it runs in the browser of any user who later follows the link on the build
view (for example an administrator), so an attacker's Job/Configure permission is turned
into code execution in that viewer's session.
### Exploitation Steps
#### Set up Jenkins (using Docker):
1. Run the Jenkins LTS image with Docker, publishing port 8080 so the web UI is reachable at `http://localhost:8080` (the initial admin password is printed in the container log).
```
docker run -p 8080:8080 jenkins/jenkins:lts
```
2. Install the GitBucket plugin from the GUI (Manage Jenkins > Plugins). The most recent release of this plugin is 0.8, which is vulnerable, so the exploit works against a fresh install.
#### Exploit:
1. Go to New Item and create a new job. Select the item type (I went with a freestyle project in the demo).
2. In the job configuration, enter a simple XSS payload such as `javascript:alert('hello')` in the Gitbucket URL field.
3. Save the configuration and click the GitBucket link the plugin adds to the job and build pages. Observe the XSS executing.
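As an added example (not the plugin's code and not part of the original PoC repository), here is the server-side check whose absence turns a configured URL into stored XSS: allow-listing the URL scheme before a job-configured URL is written into an `href`. It uses the WHATWG URL parser, the same algorithm browsers apply to the `href`, so it also rejects the variants a naive prefix check misses (a leading space, mixed case, or an embedded tab inside `javascript:`). The sample URLs and the helper names (`sanitizeGitbucketUrl`, `renderLink`, `naiveIsSafe`) are constructed for this example. In a Jenkins plugin the same allow-list belongs in the Java form validation and in the view that emits the link; JavaScript is used here only so the browser's own URL parsing can be shown directly.

```javascript
// Added example, not the GitBucket plugin's code: allow-list the scheme of a
// user-configured URL before it is placed into an <a href="..."> on a build view.
// Uses the WHATWG URL parser (global URL in Node and browsers), which strips
// leading/trailing whitespace, removes ASCII tab/newline and lowercases the
// scheme before comparing, exactly as a browser does when it follows the link.

const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

// A tempting first fix: a plain prefix check. Shown only to contrast with the
// parser-based check below; a browser still executes the inputs it lets through.
function naiveIsSafe(input) {
  return !input.toLowerCase().startsWith("javascript:");
}

// Returns the normalized absolute http(s) URL, or null if the input is not one.
function sanitizeGitbucketUrl(input) {
  if (typeof input !== "string") return null;
  let url;
  try {
    url = new URL(input); // throws on relative or malformed input
  } catch {
    return null;
  }
  if (!ALLOWED_SCHEMES.has(url.protocol)) return null; // javascript:, data:, ...
  return url.href;
}

// Minimal HTML attribute escaping for the value that survives the scheme check.
function escapeAttr(s) {
  return s
    .replace(/&/g, "&amp;")
    .replace(/"/g, "&quot;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
}

// Renders the sidebar link the way a build view would, from sanitized input only.
// Returns an empty string (no link at all) when the URL is rejected.
function renderLink(input) {
  const safe = sanitizeGitbucketUrl(input);
  if (safe === null) return "";
  return `<a href="${escapeAttr(safe)}">GitBucket</a>`;
}

// Constructed inputs: a legitimate repository URL, the PoC payload, and
// variants that a browser still treats as a javascript: URL.
const SAMPLE_INPUTS = [
  "https://gitbucket.example.com/owner/repo/",
  "javascript:alert('hello')",
  " JavaScript:alert('hello')",
  "java\tscript:alert('hello')",
  "data:text/html,<script>alert(1)</script>",
  "../relative/path",
];

// Side-by-side verdicts of the naive check and the parser-based sanitizer.
function report() {
  return SAMPLE_INPUTS.map((input) => ({
    input,
    naiveSaysSafe: naiveIsSafe(input),
    sanitized: sanitizeGitbucketUrl(input),
  }));
}

console.log(JSON.stringify(report(), null, 2));
```

Only the first sample survives `sanitizeGitbucketUrl`; the naive prefix check wrongly accepts the leading-space and embedded-tab variants because it never normalizes the string the way the browser's URL parser does.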
### Exploit Video
[jenkinsxxsexploit.webm](https://github.com/user-attachments/assets/fd2272e6-0d69-4ced-8ceb-531bfa2396f2)
File snapshot
[4.0K] /data/pocs/691bd225dbe7e0c3ef4c4ed7081350de1923b442
├── [1.1K] LICENSE
└── [ 973] README.md
0 directories, 2 files
Notes
1. It is recommended to access the PoC through its original source first.
2. If the source is gone or unreachable, send an e-mail to f.jinxu#gmail.com to request the local snapshot (replace # with @).
3. Shenlong has taken a snapshot of the PoC code for you; to support long-term maintenance, please consider paying for the local PoC. Thank you for your support.