CVE-2024-23897
Description
Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.
Severity: CRITICAL
CVE ID: CVE-2024-23897
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Proof Of Concept
jenkinsci-cert
Workaround for disabling the CLI to mitigate SECURITY-3314/CVE-2024-23897 and SECURITY-3315/CVE-2024-23898
Reference: GitHub
binganao
Reference: GitHub
h4x0r-dz
CVE-2024-23897
Reference: GitHub
xaitax
CVE-2024-23897 | Jenkins <= 2.441 & <= LTS 2.426.2 PoC and scanner.
Reference: GitHub
vmtyan
Reference: GitHub
yoryio
Scanner for CVE-2024-23897 - Jenkins
Reference: GitHub
CKevens
CVE-2024-23897 jenkins-cli
Reference: GitHub
10T4
On this git you can find all information on the CVE-2024-23897
Reference: GitHub
wjlin0
CVE-2024-23897 - Jenkins arbitrary file read exploitation tool
Reference: GitHub
Vozec
This repository presents a proof-of-concept of CVE-2024-23897
Reference: GitHub
raheel0x01
Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.
Reference: GitHub
viszsec
Jenkins POC of Arbitrary file read vulnerability through the CLI can lead to RCE
Reference: GitHub
jopraveen
Reference: GitHub
AbraXa5
PoC for Jenkins CVE-2024-23897
Reference: GitHub
brijne
CVE-2024-23897 jenkins arbitrary file read which leads to unauthenticated RCE
Reference: GitHub
WLXQqwer
Reference: GitHub
kaanatmacaa
Nuclei template for CVE-2024-23897 (Jenkins LFI Vulnerability)
Reference: GitHub
Praison001
Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.
Reference: GitHub
B4CK4TT4CK
CVE-2024-23897
Reference: GitHub
godylockz
POC for CVE-2024-23897 Jenkins File-Read
Reference: GitHub
ifconfig-me
Jenkins Arbitrary File Leak Vulnerability [CVE-2024-23897]
Reference: GitHub
ThatNotEasy
Perform with massive Jenkins Reading-2-RCE
Reference: GitHub
pulentoski
A Python script to automate the CVE-2024-23897 vulnerability
Reference: GitHub
Nebian
Scraping tool to enumerate directories or files with the CVE-2024-23897 vulnerability in Jenkins.
Reference: GitHub
Abo5
This is an exploit script for CVE-2024-23897, a vulnerability affecting certain systems. The script is intended for educational and testing purposes only. Ensure that you have the necessary permissions before using it.
Reference: GitHub
Content on GitHub
gobysec | watchers:677
GobyVuls
Vulnerabilities of Goby supported with exploitation.
Reference: GitHub
gobysec | watchers:1334
Goby
Attack surface mapping
Reference: GitHub