Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-23897 PoC — Jenkins 安全漏洞

Source
https://github.com/safeer-accuknox/Jenkins-Args4j-CVE-2024-23897-POC
Associated Vulnerability
Title:Jenkins 安全漏洞 (CVE-2024-23897)
Description:Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.
Description
Jenkins CVE-2024-23897: Arbitrary File Read Vulnerability Leading to RCE
Readme
# Jenkins-Args4j-CVE-2024-23897-POC

A vulnerability in Jenkins (versions 2.441 and earlier, LTS 2.426.2 and earlier) allows attackers to read arbitrary files on the Jenkins controller using the default character encoding.

   - Attackers with `Overall/Read` permission can read entire files.
   - Attackers without `Overall/Read` permission can read up to three lines of a file, depending on available CLI commands.
  
For more information: [Jenkins Security Advisory](https://www.jenkins.io/security/advisory/2024-01-24/)
File Snapshot

 [4.0K]  /data/pocs/a08bf266ee7e44eade3d66e519e9841516d14479
├── [4.0K]  exploit
│   ├── [2.8K]  CVE-2024-23897.py
│   └── [ 117]  README.md
├── [ 617]  k8s.yaml
├── [ 427]  kubearmor-policy.yaml
└── [ 523]  README.md

1 directory, 5 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →