CVE-2024-23897 is a critical vulnerability discovered in Jenkins, a popular continuous integration tool. This vulnerability allows remote command execution (RCE) on the Jenkins server due to a lack of proper restrictions on node access and connection functions.
- CVE-ID: CVE-2024-23897
- Type: Remote Code Execution (RCE)
- Impact: An unauthenticated attacker can send specially crafted requests that allow arbitrary commands to be executed on the Jenkins server, leading to system compromise.
- Affected: Jenkins versions prior to the fix of this CVE.
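As an added check for defenders (this is not code from this repository), the version a Jenkins instance advertises in its `X-Jenkins` response header can be compared against the releases that fixed this CVE, Jenkins 2.442 and LTS 2.426.3, to tell whether an instance still needs patching. The header values below are constructed samples; `fetch_version` is the only part that touches the network and is not needed for the offline demonstration.

```python
"""Classify a Jenkins version (as reported in the X-Jenkins response header)
against the releases that fixed CVE-2024-23897.

Added example, not part of the original project. Fixed releases per the
Jenkins security advisory for this CVE: weekly 2.442 and LTS 2.426.3.
The sample header sets below are constructed for the demonstration.
"""
from typing import Dict, Optional, Tuple

FIXED_WEEKLY = (2, 442)      # first weekly release with the fix
FIXED_LTS = (2, 426, 3)      # first LTS release with the fix


def parse_version(text: str) -> Optional[Tuple[int, ...]]:
    """Turn '2.426.2' into (2, 426, 2). Return None for anything that is not a
    plain dotted numeric version (e.g. '-SNAPSHOT' builds), which we report as
    unknown instead of guessing."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def classify(version_text: str) -> str:
    """Return 'vulnerable', 'fixed' or 'unknown' for one X-Jenkins value.

    LTS releases carry three components (2.426.3), weekly releases two (2.442),
    so the component count selects which fixed version applies."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"
    if len(version) == 3:
        return "vulnerable" if version < FIXED_LTS else "fixed"
    if len(version) == 2:
        return "vulnerable" if version < FIXED_WEEKLY else "fixed"
    return "unknown"


def classify_headers(headers: Dict[str, str]) -> str:
    """Classify a server from its response headers (header names are case-insensitive)."""
    for name, value in headers.items():
        if name.lower() == "x-jenkins":
            return classify(value)
    return "unknown"  # no X-Jenkins header: probably not Jenkins, or it is hidden by a proxy


def fetch_version(base_url: str, timeout: float = 5.0) -> Optional[str]:
    """Read the X-Jenkins header from a live instance (network; not used by the offline demo)."""
    import requests  # imported here so the rest of the example runs without the library
    resp = requests.get(base_url, timeout=timeout, allow_redirects=True)
    return resp.headers.get("X-Jenkins")


# Constructed sample responses; these are not from real hosts.
SAMPLE_HEADERS = {
    "lts-old":      {"X-Jenkins": "2.426.2", "Server": "Jetty(10.0.18)"},
    "lts-fixed":    {"X-Jenkins": "2.426.3"},
    "weekly-old":   {"x-jenkins": "2.441"},
    "weekly-fixed": {"X-Jenkins": "2.442"},
    "not-jenkins":  {"Server": "nginx"},
}


def audit_samples(samples: Dict[str, Dict[str, str]] = SAMPLE_HEADERS) -> Dict[str, str]:
    """Verdict per sample, e.g. {'lts-old': 'vulnerable', ...}."""
    return {name: classify_headers(h) for name, h in samples.items()}


if __name__ == "__main__":
    for name, verdict in audit_samples().items():
        print(f"{name:13s} {verdict}")
```

Run the script as-is to see the verdict for each constructed sample; to audit a real instance you own, pass its base URL to `fetch_version` and feed the returned string to `classify`.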
- An attacker can exploit this vulnerability using the `jenkins-cli.jar` file, which allows communication between Jenkins and its nodes.
- Through a malicious node, the attacker can upload and execute arbitrary commands on the Jenkins server.
- It is recommended to update Jenkins to the latest available version that has fixed this vulnerability.
- Also, access to the Jenkins administration interface can be limited to authorized users only.
This Python script exploits the CVE-2024-23897 vulnerability in outdated Jenkins servers. The script interacts with the Jenkins server and executes arbitrary commands using the `jenkins-cli.jar` file.
- Python 3.x
- The `requests` and `subprocess` libraries installed in the execution environment (`subprocess` is part of the Python standard library).
- Network connection to the vulnerable Jenkins server.
1. Download the `jenkins-cli.jar` file from the Jenkins server.
2. Connect to a Jenkins node using the downloaded file and execute malicious commands on the remote server.
3. Perform specific actions, such as reading arbitrary files on the server.
Installing dependencies: Make sure you have Python 3 and the `requests` library installed. You can install it using `pip`:

`pip3 install requests`

Script Usage: Download the exploitation script file and run it from the terminal:

`python3 cve-2024-23897.py`
The script will ask you to enter the following parameters:

- Jenkins Server IP Address: The IP where Jenkins is running.
- Jenkins Server Port: The port that Jenkins is listening on (default is `8080`).
- Path to read file: The path of the file you want to access on the vulnerable server (for example, `/etc/passwd`).

The script will download the `jenkins-cli.jar` file from the Jenkins server and then execute the commands defined against the file you have indicated as a parameter.
To test the vulnerability in a controlled environment, we have included a Docker-based vulnerable lab. You will only need to unzip the ZIP file on your Kali Linux machine, run the `.sh` file, and deploy the Docker environment to perform the test.
1. Download the LAB `.tar`: First, unzip the file containing the vulnerable lab.
2. Run the deployment script: Inside a folder, you will need to have the two files, one of them `auto_mount.sh`. This script is designed to deploy the vulnerable Docker environment automatically from the laboratory `.tar` that you pass as a parameter. Run it with:

`bash auto_mount.sh cve-2024-23897.tar`

The script takes the compressed Docker `.tar` file as a parameter, launches the vulnerable container, and lets you test the exploitation of the vulnerability.

3. Connect to the Jenkins server: Once the Docker environment is running, you will be able to connect to the Jenkins server from your Kali Linux machine. The Jenkins interface will be available at the IP address and port configured in the container.
4. Run the exploit script: Now that the vulnerable Jenkins server is running, you can run the exploit script on the Kali machine and try remote code execution on Jenkins.
- `cve-2024-23897.py`: Python script to exploit the CVE-2024-23897 vulnerability.
- `deploy.sh`: Script to automatically deploy the vulnerable Docker environment.
- `cve-2024-23897.tar`: Compressed Docker file to bring up the vulnerable Jenkins server.
- Ethical Use: This lab and script should be used exclusively in controlled environments and for educational or security testing purposes.
- Liability: The use of these tools on unauthorized systems is illegal and may have legal consequences. Always perform security tests with the appropriate permission.
Developed by: d1se0
Contact: [email protected]