Jenkins cli Ampersand Replacement Arbitrary File Read
Title source: metasploit
Exploitation Summary
CVE-2024-23897 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added August 19, 2024, with confirmed use in ransomware campaigns.
EIP tracks 56 public exploits from researchers including Matisse Beckandt, h4x0r-dz and binganao, among them a Metasploit module, auxiliary/gather/jenkins_cli_ampersand_arbitrary_file_read.
A Nuclei detection template is also available.
AI-analyzed exploit summary
This exploit leverages a local file inclusion vulnerability in Jenkins 2.441 by manipulating CLI commands to read arbitrary files from the server. It establishes a session to send crafted payloads and retrieve file contents.
Description
Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.
Exploits (56)
This exploit leverages a local file inclusion vulnerability in Jenkins 2.441 by manipulating CLI commands to read arbitrary files from the server. It establishes a session to send crafted payloads and retrieve file contents.
This repository contains a functional exploit for CVE-2024-23897, an arbitrary file read vulnerability in Jenkins. The exploit leverages the args4j library's file expansion feature to read files from the Jenkins controller, potentially leading to RCE.
This repository contains a functional exploit PoC for CVE-2024-23897, which leverages a deserialization vulnerability in the target software. The exploit sends crafted binary data via HTTP POST requests to achieve arbitrary file read or command execution.
This repository contains a functional exploit tool for CVE-2024-23897, a Jenkins arbitrary file read vulnerability. The tool is written in Go and includes features for scanning, command execution, and proxy support.
This repository contains a functional Python exploit for CVE-2024-23897, targeting Jenkins versions <= 2.441 and <= LTS 2.426.2. The exploit leverages a vulnerability in the Jenkins CLI endpoint to read arbitrary files from the target system, demonstrating an information leak attack.
This repository contains a functional Python script that exploits CVE-2024-23897, an arbitrary file read vulnerability in Jenkins. The exploit leverages the CLI command parser's feature to replace an '@' character followed by a file path with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.
This repository contains a Nuclei template designed to detect the presence of CVE-2024-23897, a local file inclusion (LFI) vulnerability in Jenkins. The template sends a crafted payload to the Jenkins CLI endpoint and checks for vulnerable versions in the response.
The repository contains a functional Python exploit for CVE-2024-23897, which leverages Jenkins' CLI command parser to read arbitrary files on the server. The exploit uses threading to simultaneously upload a crafted payload and download the file contents via the Jenkins CLI endpoint.
This repository demonstrates an exploit for CVE-2024-23897, a Jenkins CLI vulnerability allowing file leakage and RCE. The PoC uses `jenkins-cli.jar` to read arbitrary files (e.g., `/etc/passwd`) from a vulnerable Jenkins instance.
This repository contains a functional exploit for CVE-2024-23897, a local file inclusion vulnerability in Jenkins versions 2.441 and earlier. The exploit downloads the Jenkins CLI and uses it to read arbitrary files from the target system.
This repository contains a functional Python exploit for CVE-2024-23897, a Jenkins file read vulnerability. The exploit leverages the Jenkins CLI endpoint to read arbitrary files from the server by crafting specific requests with session UUIDs and payload structures.
The repository contains a Python script that scans for Jenkins servers vulnerable to CVE-2024-23897 using Shodan. It checks the version of Jenkins by examining the 'X-Jenkins' header and compares it against known vulnerable versions.
This repository contains a functional exploit for CVE-2024-23897, which leverages Jenkins' CLI command parser to read arbitrary files on the server. The exploit sends crafted HTTP requests to the Jenkins CLI endpoint to trigger the vulnerability and retrieve file contents.
This repository provides a functional proof-of-concept for CVE-2024-23897, an arbitrary file read vulnerability in Jenkins via the CLI's expandAtFiles feature. It includes commands to exploit the vulnerability both with and without authentication, along with mitigation steps.
This repository contains a functional exploit for CVE-2024-23897, which leverages Jenkins' arbitrary file leak vulnerability to read sensitive files. The PoC uses the Jenkins CLI to fetch files from the target system.
The repository contains a functional exploit for CVE-2024-23897, which leverages Jenkins CLI to perform arbitrary file reads. The exploit downloads the Jenkins CLI JAR and uses it to read specified files from the target system.
The repository claims to exploit CVE-2024-23897 in Jenkins but lacks actual exploit code, instead directing users to download external files from Google Drive. The README is vague and focuses on setup instructions rather than technical details.
This repository contains a functional exploit for CVE-2024-23897, an arbitrary file leak vulnerability in Jenkins. The exploit uses the Jenkins CLI to read arbitrary files from the target system by leveraging the 'connect-node' command with a crafted file path.
This repository contains a functional Python exploit for CVE-2024-23897, targeting Jenkins servers. The exploit leverages arbitrary file read and upload capabilities via crafted HTTP requests to achieve remote code execution (RCE).
This repository contains a functional Python exploit for CVE-2024-23897, targeting Jenkins servers. The exploit leverages arbitrary file read and upload capabilities via crafted HTTP requests to achieve remote code execution (RCE).
The repository contains a functional Python exploit for CVE-2024-23897, an arbitrary file read vulnerability in Jenkins. The exploit leverages the CLI command parser's '@' character replacement feature to read arbitrary files from the Jenkins controller file system.
This repository contains a functional exploit for CVE-2024-23897, an arbitrary file read vulnerability in Jenkins 2.441 and earlier. The exploit leverages the Jenkins CLI to read files via the 'help' and 'connect-node' commands, demonstrating both partial and full file disclosure.
The repository contains functional exploit code for CVE-2024-23897, including a Nuclei template and README with technical details. The exploit demonstrates the vulnerability by sending crafted HTTP requests to achieve remote code execution.
This repository contains a functional Go-based proof-of-concept exploit for CVE-2024-23897, targeting the args4j module to achieve remote code execution (RCE). The exploit sends a crafted payload via HTTP POST requests to a vulnerable endpoint, leveraging a session-based communication mechanism.
This repository contains a functional exploit for CVE-2024-23897, which leverages Jenkins CLI's args4j library to read arbitrary files by exploiting the @ symbol file inclusion feature. The exploit downloads the Jenkins CLI JAR and uses it to read internal system files.
This repository contains a functional Python PoC for CVE-2024-23897, a Jenkins arbitrary file read vulnerability that can lead to RCE. The exploit uses crafted CLI requests with session manipulation to read files from the target system.
This repository contains a functional Python exploit for CVE-2024-23897, an arbitrary file read vulnerability in Jenkins. The exploit uses a two-step request process with crafted headers and payloads to read files from the target system.
The repository contains a Python script that enumerates directories or files in Jenkins by leveraging CVE-2024-23897. It downloads the Jenkins CLI JAR and uses it to test for the presence of files/directories via a wordlist.
This repository contains a functional Python exploit for CVE-2024-23897, an arbitrary file read vulnerability in Jenkins' CLI. The PoC uses a crafted request to read files from the Jenkins controller file system by leveraging the CLI endpoint with a race condition between upload and download requests.
This exploit leverages CVE-2024-23897 to interact with Jenkins CLI commands, potentially enabling unauthorized command execution or information disclosure. The script automates the download of jenkins-cli.jar if not present and uses it to execute commands like 'who-am-i', 'enable-job', and 'help' with crafted arguments.
The repository contains functional exploit code for CVE-2024-23897, which allows reading arbitrary files from Jenkins instances. The exploit uses a race condition between upload and download threads to bypass authentication and retrieve file contents.
This repository contains a Python-based scanner for detecting Jenkins instances and checking for CVE-2024-23897, an unauthenticated arbitrary file read vulnerability via CLI argument injection. It includes both passive version checks and active CLI protocol handshake probes.
This repository contains a functional Go-based exploit for CVE-2024-23897, which leverages Jenkins' CLI command parser to read arbitrary files, potentially leading to RCE. The PoC constructs a binary payload with an '@' symbol to trigger file expansion and uses concurrent HTTP requests to exploit the vulnerability.
This repository contains a functional Python exploit for CVE-2024-23897, targeting Jenkins versions <= 2.441 and LTS <= 2.426.2. The exploit leverages the CLI command parsing vulnerability to read arbitrary files from the target system, with support for multi-threaded scanning and file-based input/output.
The repository contains only a minimal README with no exploit code, technical details, or functional content related to CVE-2024-23897. It appears to be a placeholder or incomplete submission.
This repository contains a functional exploit for CVE-2024-23897, targeting the Jenkins arbitrary file read vulnerability via CLI endpoint manipulation. The exploit uses a two-threaded approach to send crafted upload/download requests, demonstrating the vulnerability with clear technical implementation.
This repository contains a functional Python exploit for CVE-2024-23897, targeting Jenkins versions < 2.442 and < LTS 2.426.3. The exploit includes version checking, vulnerability verification, and file reading capabilities via Jenkins CLI.
This repository contains a functional exploit for CVE-2024-23897, an arbitrary file read vulnerability in Jenkins CLI. The exploit leverages the `@/path` expansion feature to read local files and reflect their first lines via CLI help output.
The repository contains only Python virtual environment activation scripts and no actual exploit code or technical details related to CVE-2024-23897. The files are part of a virtual environment setup and do not demonstrate or analyze the vulnerability.
This Python script exploits CVE-2024-23897 by leveraging Jenkins CLI commands to read arbitrary files on the target system. It uses proxychains for routing traffic and requires a valid jenkins-cli.jar file.
This repository contains a functional exploit for CVE-2024-23897, a Jenkins RCE vulnerability via the args4j module. The PoC demonstrates arbitrary file read by sending crafted HTTP requests to the Jenkins CLI endpoint.
This repository contains functional Python scripts that exploit CVE-2024-23897, an arbitrary file read vulnerability in Jenkins. The scripts automate the process of downloading jenkins-cli.jar and executing commands to read sensitive files via the 'connect-node' command.
This repository contains a functional Python exploit for CVE-2024-23897, targeting Jenkins. The exploit leverages a vulnerability in the CLI command handling to read arbitrary files from the server, with built-in version checking and session management.
This Python script exploits CVE-2024-23897 in Jenkins by downloading the jenkins-cli.jar file and executing a command to connect a malicious node. It leverages the vulnerability to achieve remote code execution (RCE) via the Jenkins CLI tool.
This repository contains a functional exploit for CVE-2024-23897, an arbitrary file leak vulnerability in Jenkins. The exploit uses the Jenkins CLI to read arbitrary files from the target system by leveraging the 'connect-node' command.
This repository provides a detailed technical analysis of CVE-2024-23897, an arbitrary file read vulnerability in Jenkins CI due to the Args4j library's `expandAtFiles` feature. It includes exploitation steps, vulnerable code snippets, and patch analysis.
This repository contains a functional exploit for CVE-2024-23897, a Jenkins arbitrary file read vulnerability. The PoC uses a multi-threaded approach to upload a crafted payload and download file contents via the Jenkins CLI endpoint.
The repository contains no actual exploit code, only a README with generic instructions for using Jenkins CLI and a link to the CVE. It lacks technical details about the vulnerability or exploit mechanics.
This repository contains a functional exploit for CVE-2018-15473, an OpenSSH username enumeration vulnerability. The script uses malformed SSH packets to determine valid usernames on the target system.
This repository contains a functional exploit for CVE-2024-23897, which leverages Jenkins' CLI command parser to read arbitrary files on the Jenkins controller file system. The exploit is written in C++ and uses Boost libraries to craft and send HTTP requests that trigger the vulnerability.
This repository contains a functional proof-of-concept exploit for CVE-2024-23897, demonstrating arbitrary file read in Jenkins via the args4j library's @file expansion feature. The PoC includes a Docker environment for testing and step-by-step commands to exploit the vulnerability.
This repository contains a functional exploit for CVE-2024-23897, targeting Jenkins servers. The script downloads the jenkins-cli.jar file and executes a payload to connect a node, demonstrating the vulnerability.
This repository provides a functional exploit for CVE-2024-23897, an arbitrary file read vulnerability in Jenkins. The exploit leverages the args4j library's file expansion feature to read sensitive files like /proc/self/environ, secret.key, and /etc/passwd via the Jenkins CLI.
The repository contains a functional exploit for CVE-2024-23897, targeting Jenkins to leak the admin password via a verbose error message. It includes scripts to install Jenkins in a Docker container and exploit the vulnerability using the Jenkins CLI.
This Metasploit module exploits CVE-2024-23897 in Jenkins by leveraging the CLI protocol's `help` command to read arbitrary files via the `@<filename>` expansion feature in `args4j`. It uses a timing-based approach with threaded requests to retrieve the first two lines of a target file.
Nuclei Templates (1)
product:"Jenkins" || cpe:"cpe:2.3:a:jenkins:jenkins" || http.favicon.hash:81586312 || product:"jenkins"
icon_hash=81586312
References (7)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H