Associated vulnerability
Title: Jenkins security vulnerability (CVE-2024-43044). Description: Jenkins is an open-source application from Jenkins. Jenkins, an open-source automation server, provides hundreds of plugins to support building, deploying and automating any project. Jenkins 2.470 and earlier and Jenkins LTS 2.452.3 and earlier contain a security vulnerability that stems from allowing agent processes to read arbitrary files from the Jenkins controller file system via the ClassLoaderProxy#fetchJar method in Remoting.
Description
Exploit for the vulnerability CVE-2024-43044 in Jenkins
Introduction
## Intro
This is an exploit for CVE-2024-43044, an arbitrary file read that allows an agent to fetch files from the controller.
The exploit uses the vulnerability to read files from the controller, forge a remember-me cookie for an admin account, and gain access to the Jenkins scripting engine.
Check out the full writeup at https://blog.convisoappsec.com/en/analysis-of-cve-2024-43044/
## Building the exploit
```
mvn package
```
## Running the exploit
```
Exploit Usages:
java -jar exploit.jar mode_secret <jenkinsUrl> <nodeName> <nodeSecretKey>
java -jar exploit.jar mode_attach <jenkinsUrl> <cmd>
java -jar exploit.jar mode_attach <cmd>
```
## Testing
You can test it against a vulnerable version using Docker:
```
docker run -p 8080:8080 -p 50000:50000 --restart=on-failure jenkins/jenkins:2.441-jdk17
```
Once you have Jenkins running, set up an agent.
The controller/agent connection can be either the default inbound method (using URL, node name and secret) or SSH.
## Demonstration
[Demonstration GIF: assets/rce_mode_secret.gif]
## References
https://www.jenkins.io/security/advisory/2024-08-07/
File snapshot
```
[4.0K] /data/pocs/7d1f07faf66e00a513c66546506329f0e5328123
├── [4.0K] assets
│   └── [2.9M] rce_mode_secret.gif
├── [3.2K] pom.xml
├── [1.1K] README.md
└── [4.0K] src
    └── [4.0K] main
        └── [4.0K] java
            └── [4.0K] poc
                ├── [6.6K] CookieForger.java
                ├── [4.1K] FakeCookieForger.java
                ├── [5.6K] Main.java
                ├── [8.9K] PocListener.java
                ├── [1.2K] RemoteFileReader.java
                ├── [6.3K] ScriptConsole.java
                ├── [5.2K] SystemUtils.java
                ├── [ 516] UserInfo.java
                └── [4.3K] UserParser.java

5 directories, 12 files
```
Notes
1. It is recommended to access the POC through its original source first.
2. If the source is no longer available or cannot be accessed, send an email to f.jinxu#gmail.com to request the local snapshot (replace # with @).
3. Shenlong (神龙) has taken a snapshot of the POC code for you; to support long-term maintenance, please consider paying for or donating to the local POC. Thank you for your support.