CVE-2024-23897 PoC — Jenkins 安全漏洞

Source

https://github.com/slytechroot/CVE-2024-23897

Associated Vulnerability

Title:Jenkins 安全漏洞 (CVE-2024-23897)
Description:Jenkins是Jenkins开源的一个应用软件。一个开源自动化服务器Jenkins提供了数百个插件来支持构建，部署和自动化任何项目。 Jenkins 2.441及之前版本、LTS 2.426.2及之前版本存在安全漏洞，该漏洞源于允许未经身份验证的攻击者读取Jenkins控制器文件系统。

Description

Jenkins RCE Arbitrary File Read CVE-2024-23897

Readme

# CVE-2024-23897
Jenkins RCE Arbitrary File Read CVE-2024-23897 

Usage:
python poc.py http://127.0.0.1:8888/ [/etc/passwd]

Update:
Update to Jenkins 2.442, LTS 2.426.3

Fix:
If you can't update to the latest version, disable access to the CLI, this should completely eliminate the possibility of exploitation.

File Snapshot


 [4.0K]  /data/pocs/c6c9c12826e547af78bca1d7387087b48c0291d8
├── [1.4K]  CVE-2024-23897.py
└── [ 312]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!