CVE-2024-23897

CISA KEV: Actively Exploited

Jenkins Command Line Interface (CLI) Path Traversal Vulnerability

Published Aug 19, 2024 · Updated Aug 19, 2024

Description

Jenkins Command Line Interface (CLI) contains a path traversal vulnerability that allows attackers limited read access to certain files, which can lead to code execution.

Public Exploits & PoCs (43 found)

PoC: CVE-2024-23897

CVE-2024-23897

13

PoC: CVE-2024-23897

This repository presents a proof-of-concept of CVE-2024-23897

3

PoC: CVE-2024-23897

PoC for CVE-2024-23897 Jenkins: reading internal system files.

1

PoC: CVE-2024-23897

PoC for CVE-2024-23897 Jenkins: reading internal system files.

1

PoC: CVE-2024-23897

POC - Jenkins File Read Vulnerability - CVE-2024-23897

1

PoC: CVE-2024-23897

Nuclei template for CVE-2024-23897 (Jenkins LFI Vulnerability)

1

PoC: CVE-2024-23897

CVE-2024-23897 - Jenkins arbitrary file read exploitation tool

1

PoC: cve-2024-23897-jenkins-poc

Self-contained Docker reproduction and analysis of CVE-2024-23897, the Jenkins CLI arbitrary file read via the args4j @-syntax argument expansion.

PoC: pwntilldawn-10.150.150.38

PwnTillDawn writeup: 10.150.150.38 — Jenkins CVE-2024-23897 + Groovy RCE + root via Python eval injection

PoC: jenkins_scan

Finds a Jenkins environment and checks for CVE-2024-23897

PoC: poc-CVE-2024-23897

CVE-2024-23897: Jenkins Arbitrary File Read Leads to RCE

PoC: day03-jenkins-23897

Jenkins CLI arbitrary file read (CVE-2024-23897)

PoC: CVE-2024-23897

Jenkins CLI arbitrary read (CVE-2024-23897 applies to versions below 2.442 and LTS 2.426.3)

PoC: CVE-2024-23897

Jenkins RCE Arbitrary File Read CVE-2024-23897

PoC: jenkins-lfi

Jenkins CVE-2024-23897 POC : Arbitrary File Read Vulnerability Leading to RCE

PoC: Jenkins-Args4j-CVE-2024-23897-POC

Jenkins CVE-2024-23897: Arbitrary File Read Vulnerability Leading to RCE

PoC: CVE-2024-23897-poc

CVE-2024-23897 is a serious security vulnerability affecting Jenkins

PoC: PBL05-CVE-Analsys

CVE-2024-23897 analysis

PoC: Jenkins-Exploit-CVE-2024-23897-Fsociety

Exploit designed to take advantage of a critical vulnerability in Jenkins versions <= 2.441. The vulnerability, CVE-2024-23897, allows arbitrary file reads through the Jenkins CLI, which can lead to the exposure of sensitive information or even to remote code execution (RCE) under certain circumstances.

PoC: CVE-2024-23897

Reproduce CVE-2024-23897

PoC: CVE-2024-23897

CVE-2024-23897 exploit script

PoC: Surko-Exploit-Jenkins-CVE-2024-23897

An exploit with which you can take advantage of the vulnerability (CVE-2024-23897)

PoC: CVE-2024-23897

PoC to exploit the CVE-2024-23897 vulnerability in Jenkins versions 2.441 and earlier, through which we can read internal system files without being authenticated

PoC: CVE-2024-23897

[CVE-2024-23897] Jenkins CI Authenticated Arbitrary File Read Through the CLI Leads to Remote Code Execution (RCE)

PoC: CVE-2024-23897

Jenkins CVE-2024-23897: Arbitrary File Read Vulnerability

PoC: CVE-2024-23897

This is an exploit script for CVE-2024-23897, a vulnerability affecting certain systems. The script is intended for educational and testing purposes only. Ensure that you have the necessary permissions before using it.

PoC: CVE-2024-23897

Scraping tool to enumerate directories or files with the CVE-2024-23897 vulnerability in Jenkins.

PoC: CVE-2024-23897-Arbitrary-file-read

A script written in Python to automate the CVE-2024-23897 vulnerability

PoC: CVE-2024-23897

Perform with massive Jenkins Reading-2-RCE

PoC: CVE-2024-23897

Jenkins Arbitrary File Leak Vulnerability [CVE-2024-23897]

PoC: CVE-2024-23897

POC for CVE-2024-23897 Jenkins File-Read

PoC: CVE-2024-23897

CVE-2024-23897

PoC: CVE-2024-23897-Jenkins-Arbitrary-Read-File-Vulnerability

Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.

PoC: CVE-2024-23897-RCE

CVE-2024-23897 jenkins arbitrary file read which leads to unauthenticated RCE

PoC: Jenkins-CVE-2024-23897

PoC for CVE-2024-23897

PoC: CVE-2024-23897

Jenkins POC of Arbitrary file read vulnerability through the CLI can lead to RCE

PoC: CVE-2024-23897

Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.

PoC: PoC-jenkins-rce_CVE-2024-23897

on this git you can find all information on the CVE-2024-23897

PoC: CVE-2024-23897

CVE-2024-23897 jenkins-cli

PoC: CVE-2024-23897

Scanner for CVE-2024-23897 - Jenkins

PoC: CVE-2024-23897

CVE-2024-23897 | Jenkins <= 2.441 & <= LTS 2.426.2 PoC and scanner.

PoC: CVE-2024-23897

CVE-2024-23897 (CVSS 9.8): Critical Jenkins Security Vulnerability, RCE POC

PoC: SECURITY-3314-3315

Workaround for disabling the CLI to mitigate SECURITY-3314/CVE-2024-23897 and SECURITY-3315/CVE-2024-23898
