CVE-2024-23897

CVE-2024-23897 - Arbitrary file read vulnerability through the CLI can lead to RCE


Products and Versions affected:

| Product        | Affected Versions |
|----------------|-------------------|
| Jenkins Server | <= 2.441          |
|                | <= LTS 2.426.3    |
  • CVSS: CRITICAL
  • Actively Exploited: YES
  • Patch: YES
  • Mitigation: YES
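For patch-status triage of your own Jenkins inventory, the following is an added example (not code from this repository) that classifies a Jenkins version string against the two affected ranges listed in the table above. Jenkins advertises its version in the `X-Jenkins` response header, and the Docker tag used in the lab section (`2.414.3-jdk17`) carries a `-jdk17` suffix, so the parser strips such suffixes. Three-component versions are treated as the LTS line and two-component versions as the weekly line; the threshold constants are taken from the table above and the header dictionaries are constructed sample input.

```python
# Added example: classify a Jenkins version against the affected ranges
# stated in the table above (weekly <= 2.441, LTS <= 2.426.3).
# Not part of the CVE-2024-23897 repository; sample headers are constructed.
from typing import Dict, Optional, Tuple

# Thresholds copied from the table above; adjust if your reference differs.
WEEKLY_MAX: Tuple[int, ...] = (2, 441)
LTS_MAX: Tuple[int, ...] = (2, 426, 3)


def parse_version(version: str) -> Optional[Tuple[int, ...]]:
    """Parse 'X.Y' (weekly) or 'X.Y.Z' (LTS) into an int tuple.

    A build/variant suffix such as '-jdk17' (as in Docker tags) is dropped.
    Returns None when the string is not a recognisable Jenkins version.
    """
    core = version.strip().split("-", 1)[0]
    parts = core.split(".")
    if len(parts) not in (2, 3) or not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def is_affected(version: str) -> Optional[bool]:
    """True if the version is within an affected range, False if not, None if unparseable."""
    parsed = parse_version(version)
    if parsed is None:
        return None
    if len(parsed) == 3:          # LTS line: X.Y.Z
        return parsed <= LTS_MAX
    return parsed <= WEEKLY_MAX   # weekly line: X.Y


def version_from_headers(headers: Dict[str, str]) -> Optional[str]:
    """Extract the version Jenkins reports in its X-Jenkins header (name match is case-insensitive)."""
    for name, value in headers.items():
        if name.lower() == "x-jenkins":
            return value.strip()
    return None


def triage(headers: Dict[str, str]) -> str:
    """Return 'affected', 'not-affected', 'unknown-version' or 'not-jenkins' for one response's headers."""
    version = version_from_headers(headers)
    if version is None:
        return "not-jenkins"
    verdict = is_affected(version)
    if verdict is None:
        return "unknown-version"
    return "affected" if verdict else "not-affected"


if __name__ == "__main__":
    # Constructed sample responses (hypothetical hosts, not real scan data).
    inventory = {
        "build-01": {"X-Jenkins": "2.441", "Server": "Jetty(10.0.18)"},
        "build-02": {"x-jenkins": "2.442"},
        "build-03": {"X-Jenkins": "2.414.3-jdk17"},   # same version as the lab container
        "build-04": {"X-Jenkins": "2.440.1"},
        "web-01": {"Server": "nginx"},
    }
    for host, hdrs in inventory.items():
        print(f"{host:10s} {version_from_headers(hdrs) or '-':16s} {triage(hdrs)}")
```

Run it as a script to see the verdict for each constructed host; in practice `triage` would be fed the response headers collected from your own servers, and any host reported as `affected` goes onto the patch list.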

Help

usage: CVE-2024-23897.py [-h] -c COUNTRY

options:
  -h, --help            show this help message and exit
  -c COUNTRY, --country COUNTRY
                        Country to scan with Shodan

Example: python CVE-2024-23897.py -c US

Lab

You can use the official Jenkins Docker image pinned to a vulnerable version:

docker pull jenkins/jenkins:2.414.3-jdk17

Global Jenkins Servers with Shodan:

  • Shodan query:
http.favicon.hash:81586312


References