CVE-2024-23897

CVE-2024-23897 - Arbitrary file read vulnerability through the CLI can lead to RCE

Products and Versions affected:

Product	Affected Versions
Jenkis Server	<= 2.441 <= LTS 2.426.3

CVSS: CRITICAL
Actively Exploited: YES
Patch: YES
Mitigation: YES

Help

usage: CVE-2024-23897.py [-h] -c COUNTRY

options:
  -h, --help            show this help message and exit
  -c COUNTRY, --country COUNTRY
                        Country to scan with Shodan

Example: python CVE-2024-23897.py -c US

Lab

You can use the Jenkin's Docker container with a specific vulnerable version:

docker pull jenkins/jenkins:2.414.3-jdk17

Global Jenkins Servers with Shodan:

Shodan query:

http.favicon.hash:81586312

References

Jenkins Security Advisory 2024-01-24
Excessive Expansion: Uncovering Critical Security Vulnerabilities in Jenkins
Breaking Down CVE-2024-23897: PoC Code Surfaces Just After Jenkins Advisory
Allegedly active exploitation
Critical Jenkins RCE flaw exploited in the wild. Patch now! (CVE-2024-23897)

yoryio / CVE-2024-23897

CVE-2024-23897

CVE-2024-23897 - Arbitrary file read vulnerability through the CLI can lead to RCE

Help

Lab

Global Jenkins Servers with Shodan:

References

About

Languages