| Vendor | Product | Affected Versions | CPE |
|---|---|---|---|
| Jenkins Project | Jenkins | 0 ~ 1.606 | - |

| # | POC Description | Source Link | Shenlong Link |
|---|---|---|---|
| 1 | Workaround for disabling the CLI to mitigate SECURITY-3314/CVE-2024-23897 and SECURITY-3315/CVE-2024-23898 | https://github.com/jenkinsci-cert/SECURITY-3314-3315 | POC Details |
| 2 | CVE-2024-23897 (CVSS 9.8): Critical Jenkins Security Vulnerability, RCE POC | https://github.com/forsaken0127/CVE-2024-23897 | POC Details |
| 3 | None | https://github.com/binganao/CVE-2024-23897 | POC Details |
| 4 | CVE-2024-23897 | https://github.com/h4x0r-dz/CVE-2024-23897 | POC Details |
| 5 | CVE-2024-23897 \| Jenkins <= 2.441 & <= LTS 2.426.2 PoC and scanner. | https://github.com/xaitax/CVE-2024-23897 | POC Details |
| 6 | None | https://github.com/vmtyan/poc-cve-2024-23897 | POC Details |
| 7 | Scanner for CVE-2024-23897 - Jenkins | https://github.com/yoryio/CVE-2024-23897 | POC Details |
| 8 | CVE-2024-23897 jenkins-cli | https://github.com/CKevens/CVE-2024-23897 | POC Details |
| 9 | on this git you can find all information on the CVE-2024-23897 | https://github.com/iota4/PoC-jenkins-rce_CVE-2024-23897 | POC Details |
| 10 | CVE-2024-23897 - Jenkins arbitrary file read exploitation tool | https://github.com/wjlin0/CVE-2024-23897 | POC Details |
| 11 | This repository presents a proof-of-concept of CVE-2024-23897 | https://github.com/Vozec/CVE-2024-23897 | POC Details |
| 12 | Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system. | https://github.com/raheel0x01/CVE-2024-23897 | POC Details |
| 13 | Jenkins POC of Arbitrary file read vulnerability through the CLI can lead to RCE | https://github.com/viszsec/CVE-2024-23897 | POC Details |
| 14 | None | https://github.com/jopraveen/CVE-2024-23897 | POC Details |
| 15 | PoC for CVE-2024-23897 | https://github.com/AbraXa5/Jenkins-CVE-2024-23897 | POC Details |
| 16 | on this git you can find all information on the CVE-2024-23897 | https://github.com/iota4/PoC-Fix-jenkins-rce_CVE-2024-23897 | POC Details |
| 17 | CVE-2024-23897 jenkins arbitrary file read which leads to unauthenticated RCE | https://github.com/brijne/CVE-2024-23897-RCE | POC Details |
| 18 | None | https://github.com/WLXQqwer/Jenkins-CVE-2024-23897- | POC Details |
| 19 | Nuclei template for CVE-2024-23897 (Jenkins LFI Vulnerability) | https://github.com/kaanatmacaa/CVE-2024-23897 | POC Details |
| 20 | Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system. | https://github.com/Praison001/CVE-2024-23897-Jenkins-Arbitrary-Read-File-Vulnerability | POC Details |
| 21 | on this git you can find all information on the CVE-2024-23897 | https://github.com/10T4/PoC-Fix-jenkins-rce_CVE-2024-23897 | POC Details |
| 22 | CVE-2024-23897 | https://github.com/B4CK4TT4CK/CVE-2024-23897 | POC Details |
| 23 | None | https://github.com/abdomagdy0/CVE-2024-23897-htb | POC Details |
| 24 | POC for CVE-2024-23897 Jenkins File-Read | https://github.com/godylockz/CVE-2024-23897 | POC Details |
| 25 | Jenkins Arbitrary File Leak Vulnerability [CVE-2024-23897] | https://github.com/ifconfig-me/CVE-2024-23897 | POC Details |
| 26 | Perform with massive Jenkins Reading-2-RCE | https://github.com/ThatNotEasy/CVE-2024-23897 | POC Details |
| 27 | A script written in Python to automate the CVE-2024-23897 vulnerability | https://github.com/pulentoski/CVE-2024-23897-Arbitrary-file-read | POC Details |
| 28 | Scraping tool to enumerate directories or files with the CVE-2024-23897 vulnerability in Jenkins. | https://github.com/Nebian/CVE-2024-23897 | POC Details |
| 29 | This is an exploit script for CVE-2024-23897, a vulnerability affecting certain systems. The script is intended for educational and testing purposes only. Ensure that you have the necessary permissions before using it. | https://github.com/Abo5/CVE-2024-23897 | POC Details |
| 30 | None | https://github.com/TheRedDevil1/CVE-2024-23897 | POC Details |
| 31 | Jenkins CVE-2024-23897: Arbitrary File Read Vulnerability | https://github.com/Athulya666/CVE-2024-23897 | POC Details |
| 32 | [CVE-2024-23897] Jenkins CI Authenticated Arbitrary File Read Through the CLI Leads to Remote Code Execution (RCE) | https://github.com/murataydemir/CVE-2024-23897 | POC Details |
| 33 | None | https://github.com/mil4ne/CVE-2024-23897-Jenkins-4.441 | POC Details |
| 34 | PoC to exploit the CVE-2024-23897 vulnerability in Jenkins versions 2.441 and earlier, through which we can read internal system files without being authenticated | https://github.com/Maalfer/CVE-2024-23897 | POC Details |
| 35 | An exploit with which you can take advantage of the vulnerability (CVE-2024-23897) | https://github.com/Surko888/Surko-Exploit-Jenkins-CVE-2024-23897 | POC Details |
| 36 | CVE-2024-23897 jenkins-cli | https://github.com/3yujw7njai/CVE-2024-23897 | POC Details |
| 37 | None | https://github.com/AnastasiaStill/CVE-2024-23897 | POC Details |
| 38 | Reproduce CVE-2024-23897 | https://github.com/NoSpaceAvailable/CVE-2024-23897 | POC Details |
| 39 | Jenkins CVE-2024-23897: Arbitrary File Read Vulnerability | https://github.com/JAthulya/CVE-2024-23897 | POC Details |
| 40 | Exploit designed to take advantage of a critical vulnerability in Jenkins versions <= 2.441. The vulnerability, CVE-2024-23897, allows arbitrary file reads through the Jenkins CLI, which can lead to the exposure of sensitive information or even remote code execution (RCE) under certain circumstances. | https://github.com/BinaryGoodBoy0101/Jenkins-Exploit-CVE-2024-23897-Fsociety | POC Details |
| 41 | CVE-2024-23897 analysis | https://github.com/ShieldAuth-PHP/PBL05-CVE-Analsys | POC Details |
| 42 | Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system. | https://github.com/r0xdeadbeef/CVE-2024-23897 | POC Details |
| 43 | None | https://github.com/fullaw4ke/CVE-2024-23897-Jenkins-4.441 | POC Details |
| 44 | POC - Jenkins File Read Vulnerability - CVE-2024-23897 | https://github.com/verylazytech/CVE-2024-23897 | POC Details |
| 45 | CVE-2024-23897 exploit script | https://github.com/cc3305/CVE-2024-23897 | POC Details |
| 46 | CVE-2024-23897 is a critical security vulnerability affecting Jenkins | https://github.com/zgimszhd61/CVE-2024-23897-poc | POC Details |
| 47 | Jenkins CVE-2024-23897: Arbitrary File Read Vulnerability Leading to RCE | https://github.com/safeer-accuknox/Jenkins-Args4j-CVE-2024-23897-POC | POC Details |
| 48 | None | https://github.com/D1se0/CVE-2024-23897-Vulnerabilidad-Jenkins | POC Details |
| 49 | Jenkins CVE-2024-23897 POC : Arbitrary File Read Vulnerability Leading to RCE | https://github.com/Marouane133/jenkins-lfi | POC Details |
| 50 | CVE-2024-23897 jenkins-cli | https://github.com/AiK1d/CVE-2024-23897 | POC Details |
| 51 | Jenkins RCE Arbitrary File Read CVE-2024-23897 | https://github.com/slytechroot/CVE-2024-23897 | POC Details |
| 52 | None | https://github.com/brandonhjh/Jenkins-CVE-2024-23897-Exploit-Demo | POC Details |
| 53 | Jenkins CLI arbitrary read (CVE-2024-23897 applies to versions below 2.442 and LTS 2.426.3) | https://github.com/tvasari/CVE-2024-23897 | POC Details |
| 54 | Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system. | https://github.com/projectdiscovery/nuclei-templates/blob/main/javascript/cves/2024/CVE-2024-23897.yaml | POC Details |
| 55 | None | https://github.com/Threekiii/Awesome-POC/blob/master/%E4%B8%AD%E9%97%B4%E4%BB%B6%E6%BC%8F%E6%B4%9E/Jenkins%20CLI%20%E6%8E%A5%E5%8F%A3%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%E6%BC%8F%E6%B4%9E%20CVE-2024-23897.md | POC Details |
| 56 | | https://github.com/vulhub/vulhub/blob/master/jenkins/CVE-2024-23897/README.md | POC Details |
| 57 | None | https://github.com/Fineken/Jenkins-CVE-2024-23897-Lab | POC Details |
| 58 | None | https://github.com/revkami/CVE-2024-23897-Jenkins-4.441 | POC Details |
| 59 | Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system. | https://github.com/r0xDB/CVE-2024-23897 | POC Details |
| 60 | Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system. | https://github.com/R0XDEADBEEF/CVE-2024-23897 | POC Details |
| 61 | CVE-2024-23897 jenkins-cli | https://github.com/P4x1s/CVE-2024-23897 | POC Details |
| 62 | Jenkins CLI arbitrary file read (CVE-2024-23897) | https://github.com/amalpvatayam67/day03-jenkins-23897 | POC Details |
| 63 | None | https://github.com/hybinn/CVE-2024-23897 | POC Details |
| 64 | None | https://github.com/aadi0258/Exploit-CVE-2024-23897 | POC Details |
| 65 | None | https://github.com/harekrishnarai/CVE-2024-23897-test-windows | POC Details |
| 66 | PoC for CVE-2024-23897 Jenkins: reading internal system files. | https://github.com/wvverez/CVE-2024-23897 | POC Details |

| CVE ID | Title |
|---|---|
| CVE-2024-23905 | Jenkins Plugin Red Hat Dependency Analytics security vulnerability |
| CVE-2024-23903 | Jenkins Plugin GitLab Branch Source security vulnerability |
| CVE-2024-23904 | Jenkins Plugin Log Command security vulnerability |
| CVE-2024-23902 | Jenkins Plugin GitLab Branch Source security vulnerability |
| CVE-2024-23900 | Jenkins Plugin Matrix Project security vulnerability |
| CVE-2024-23901 | Jenkins Plugin GitLab Branch Source security vulnerability |
| CVE-2024-23899 | Jenkins Plugin Git server security vulnerability |
| CVE-2024-23898 | Jenkins security vulnerability |