## https://sploitus.com/exploit?id=E4EAC92F-32F7-51E4-AAD1-54C75BC7DC7C
# CVE-2024-23897

โš ๏ธ This scanner is for defensive purposes and should be used by cybersecurity professionals to identify possible vulnerable Jenkins servers.

# Description

### CVE-2024-23897 - Arbitrary file read vulnerability through the CLI can lead to RCE


![image](https://github.com/yoryio/CVE-2024-23897/assets/134471901/cb2af884-9607-4e67-be70-447699d51ce8)


*Products and Versions affected:*

| Product                           | Affected Versions                                        |
| :-------------------------------- | :------------------------------------------------------- |
| Jenkins Server | <= 2.441 <br /> <= LTS 2.426.3 |

- **CVSS:** CRITICAL
- **Actively Exploited:** YES
- **Patch:** YES
- **Mitigation:** YES
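
To check an inventory of your own Jenkins servers against the ranges in the table above, the following is an added example and not part of the scanner in this repository. The function names and the sample inventory are constructed for illustration; it assumes the version string is already known (for instance from the `X-Jenkins` response header) and that three-component versions are LTS releases while two-component versions are weekly releases. The bounds are the ones stated in the table; confirm them against the Jenkins Security Advisory listed under References.

```python
import re

# Upper bounds of the affected ranges, as stated in the table on this page.
LAST_AFFECTED_WEEKLY = (2, 441)
LAST_AFFECTED_LTS = (2, 426, 3)

# major.minor or major.minor.patch, optionally followed by a suffix such as
# "-SNAPSHOT"; a fourth numeric component is rejected rather than guessed at.
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?(?![\d.])")


def classify(version, weekly_bound=LAST_AFFECTED_WEEKLY, lts_bound=LAST_AFFECTED_LTS):
    """Return 'affected', 'not affected' or 'unknown' for a Jenkins version string."""
    match = _VERSION_RE.match(version or "")
    if not match:
        return "unknown"
    parts = tuple(int(p) for p in match.groups() if p is not None)
    # Assumption: three components means the LTS line, two means the weekly line.
    bound = lts_bound if len(parts) == 3 else weekly_bound
    return "affected" if parts <= bound else "not affected"


def audit(inventory):
    """Map each host in {host: version} to its classification."""
    return {host: classify(version) for host, version in inventory.items()}


# Constructed inventory: hostnames are placeholders, versions are examples.
SAMPLE_INVENTORY = {
    "ci-lab.example.internal": "2.414.3",    # the lab image used on this page
    "ci-weekly.example.internal": "2.441",
    "ci-patched.example.internal": "2.442",
    "ci-lts-new.example.internal": "2.440.1",
    "ci-proxy.example.internal": "",         # header stripped by a proxy
}

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host:32} {status}")
```

Hosts reported as `unknown` still need a manual check, since a missing or rewritten version header says nothing about the running version.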

# Help

```
usage: CVE-2024-23897.py [-h] -c COUNTRY

options:
  -h, --help            show this help message and exit
  -c COUNTRY, --country COUNTRY
                        Country to scan with Shodan

```
**Example:** `python CVE-2024-23897.py -c US`

# Lab

You can use the Jenkins Docker container with a specific vulnerable version:

```
docker pull jenkins/jenkins:2.414.3-jdk17
```

# Global Jenkins Servers with Shodan:

- **Shodan query:**
```
http.favicon.hash:81586312
```

![Screenshot from 2024-01-26 23-07-40](https://github.com/yoryio/CVE-2024-23897/assets/134471901/97ed0259-32b3-43cf-aefc-d71853fefffd)


# References

- [Jenkins Security Advisory 2024-01-24](https://www.jenkins.io/security/advisory/2024-01-24/)
- [Excessive Expansion: Uncovering Critical Security Vulnerabilities in Jenkins](https://www.sonarsource.com/blog/excessive-expansion-uncovering-critical-security-vulnerabilities-in-jenkins/)
- [Breaking Down CVE-2024-23897: PoC Code Surfaces Just After Jenkins Advisory](https://securityonline.info/breaking-down-cve-2024-23897-poc-code-surfaces-just-after-jenkins-advisory/)
- [Allegedly active exploitation](https://twitter.com/shoucccc/status/1750601321831633026)