Jenkins 2.441 and earlier, and LTS 2.426.2 and earlier, do not disable a feature of the CLI command parser that replaces an '@' character followed by a file path in an argument with that file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.
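As an added example (not part of this repository), a small version triage helper for checking controllers in your own inventory against the affected-version thresholds stated above; it takes the version string Jenkins reports in its `X-Jenkins` HTTP response header and distinguishes weekly releases (two components) from LTS releases (three components):

```python
import re
from typing import Mapping, Optional, Tuple

# Thresholds as stated in the advisory text above:
# weekly 2.441 and earlier, LTS 2.426.2 and earlier are affected.
LAST_AFFECTED_WEEKLY = (2, 441)
LAST_AFFECTED_LTS = (2, 426, 2)

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?$")


def parse_jenkins_version(value: str) -> Optional[Tuple[int, ...]]:
    """Parse '2.441' (weekly) or '2.426.2' (LTS) into a tuple of ints.

    Returns None for anything that is not a Jenkins version string.
    Assumption: a '-suffix' (e.g. '2.441-SNAPSHOT') is ignored.
    """
    core = value.strip().split("-", 1)[0]
    match = _VERSION_RE.match(core)
    if not match:
        return None
    return tuple(int(part) for part in match.groups() if part is not None)


def is_affected_by_cve_2024_23897(value: str) -> Optional[bool]:
    """True if the version is within the affected range, False if fixed,
    None if the version string could not be parsed."""
    version = parse_jenkins_version(value)
    if version is None:
        return None
    if len(version) == 3:           # LTS line, e.g. 2.426.2
        return version <= LAST_AFFECTED_LTS
    return version <= LAST_AFFECTED_WEEKLY  # weekly line, e.g. 2.441


def version_from_headers(headers: Mapping[str, str]) -> Optional[str]:
    """Extract the X-Jenkins header value (case-insensitive lookup)."""
    for name, val in headers.items():
        if name.lower() == "x-jenkins":
            return val
    return None


if __name__ == "__main__":
    # Constructed sample response headers, not captured from a real host.
    sample = {"Server": "Jetty", "X-Jenkins": "2.426.2"}
    reported = version_from_headers(sample)
    print(reported, is_affected_by_cve_2024_23897(reported))  # 2.426.2 True
```

A result of True means the controller should be updated or have CLI access disabled per the Jenkins advisory; None means the version string needs manual review.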
Follow these steps to execute the exploit:

- Grant execution permissions to the script:

  `chmod +x run_exploit.sh`

- Run the script:

  `./run_exploit.sh`
To stay abreast of information regarding CVE-2024-23897 and its mitigation, consult the following resources:

- CVE-2024-23897 Feed on Feedly:
- SecurityOnline Article:
- Educational Mitigation Video: