
Exploit for Jenkins <= 2.441, LTS <= 2.426.2 - Arbitrary File Read (CVE-2024-23897)

Description:

Jenkins 2.441 and earlier, and LTS 2.426.2 and earlier, do not disable a feature of the args4j-based CLI command parser that replaces an '@' character followed by a file path in an argument with the contents of that file. Anyone who can reach the CLI endpoint can therefore pass an argument such as @/etc/passwd and have the controller read that file into the command's argument list before the command runs; the expanded text then surfaces in the command's error output. How much is disclosed depends on permissions and on the command used: per the Jenkins advisory (SECURITY-3314), attackers with Overall/Read permission can read entire files, while attackers without it, including unauthenticated ones where the CLI is reachable anonymously, can read the first few lines. Jenkins 2.442 and LTS 2.426.3 disable the expansion; the advisory's workaround for instances that cannot be upgraded immediately is to disable access to the CLI.

Proof of Concept

Try the exploit in a lab environment: Hack The Box Builder.

References:

https://nvd.nist.gov/vuln/detail/CVE-2024-23897
https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3314
https://www.sonarsource.com/blog/excessive-expansion-uncovering-critical-security-vulnerabilities-in-jenkins/
https://packetstormsecurity.com/files/176840/Jenkins-2.441-LTS-2.426.3-Arbitrary-File-Read.html
https://packetstormsecurity.com/files/176839/Jenkins-2.441-LTS-2.426.3-CVE-2024-23897-Scanner.html