Proof of Concept for Exploiting CVE-2024-23897 Vulnerability in Jenkins Versions 2.441 and Earlier This repository provides a proof-of-concept (PoC) exploit for the CVE-2024-23897 vulnerability affecting Jenkins versions 2.441 and earlier. This vulnerability allows an attacker to read arbitrary files from the Jenkins server's underlying operating system, potentially leading to data exfiltration or further compromise. Understanding the Vulnerability CVE-2024-23897 stems from a flaw in the Jenkins core's handling of certain HTTP requests. Specifically, an attacker can manipulate the Jenkins.model.Jenkins class, which controls access to the server's internal resources. This manipulation allows the attacker to bypass security measures and read sensitive files that are normally restricted. How the Exploit Works The exploit provided in this repository leverages the vulnerability to read the /etc/passwd file on the target Jenkins server. This file contains information about user accounts and passwords, demonstrating the potential for significant damage. Here's how the exploit functions: Version Check: First, the script verifies the Jenkins version to ensure the target system is vulnerable. Exploitation: The exploit sends a specially crafted HTTP request to the Jenkins server, exploiting the CVE-2024-23897 vulnerability to bypass security restrictions. File Reading: The script then retrieves the contents of the specified file, in this case, /etc/passwd. Example usage:…Read More