CVE-2024-23897

CVE-2024-23897 - Arbitrary file read vulnerability through the CLI can lead to RCE

Products and Versions affected:

Product	Affected Versions
Jenkis Server	<= 2.441 <= LTS 2.426.3

• CVSS: CRITICAL
• Actively Exploited: YES
• Patch: YES
• Mitigation: YES

Help

usage: CVE-2024-23897.py [-h] -c COUNTRY

options:
  -h, --help            show this help message and exit
  -c COUNTRY, --country COUNTRY
                        Country to scan with Shodan

Example: python CVE-2024-23897.py -c US

Lab

You can use the Jenkin's Docker container with a specific vulnerable version:

docker pull jenkins/jenkins:2.414.3-jdk17

Global Jenkins Servers with Shodan:

• Shodan query:

http.favicon.hash:81586312

References

• Jenkins Security Advisory 2024-01-24
• Excessive Expansion: Uncovering Critical Security Vulnerabilities in Jenkins
• Breaking Down CVE-2024-23897: PoC Code Surfaces Just After Jenkins Advisory
• Allegedly active exploitation
• Critical Jenkins RCE flaw exploited in the wild. Patch now! (CVE-2024-23897)