CVE-2024-23898

HIGH LAB

Jenkins 2.217-2.441 and LTS 2.222.1-2.426.2 - Cross-Site WebSocket Hijacking via CLI Endpoint

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-23898, a PoC published by davidmgaviria.

AI-analyzed exploit summary: This repository contains a functional exploit PoC for CVE-2024-23898, targeting Jenkins via WebSocket manipulation to achieve remote code execution. The exploit uses crafted WebSocket frames to execute arbitrary commands on the target Jenkins server.

Description

Jenkins 2.217 through 2.441 (both inclusive) and LTS 2.222.1 through 2.426.2 (both inclusive) do not perform origin validation of requests made through the CLI WebSocket endpoint, resulting in a cross-site WebSocket hijacking (CSWSH) vulnerability that allows attackers to execute CLI commands on the Jenkins controller. The attack works the way any CSWSH does: a logged-in Jenkins user visits an attacker-controlled page, that page opens a WebSocket to the controller's /cli/ws endpoint, the browser attaches the user's session cookie to the upgrade handshake (a page cannot set or suppress the Origin or Cookie headers itself), and the attacker's script then drives the CLI protocol under that user's identity. What can be run is bounded by the victim's permissions (the groovy CLI command, for instance, requires Overall/Administer), so the "RCE" claimed by the PoC applies when the victim is an administrator. Jenkins 2.442 and LTS 2.426.3 validate the Origin header of these requests and refuse the upgrade when it does not match the Jenkins root URL.
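The check a practitioner wants before trusting a version string is whether the endpoint actually refuses an upgrade from a foreign origin. The Python script below is an added example; it is not code from this page, from Jenkins, or from the PoC repository listed further down. It reproduces only the WebSocket handshake a victim's browser would perform: a GET to /cli/ws with Upgrade: websocket and an Origin header, and it issues no CLI commands. Because a refusal can also mean the user simply lacks access, the reading is differential: the same handshake is sent once with the Jenkins root URL as Origin and once with a foreign origin, and the instance is reported as not validating Origin only when the legitimate origin upgrades and the foreign one upgrades too. The host, port, cookie and both origin values (https://attacker.example is a hypothetical placeholder) are assumptions supplied on the command line.

```python
"""Differential Origin-validation probe for the Jenkins CLI WebSocket endpoint (/cli/ws).
Added example, not Jenkins or PoC code; target host, port, origins and cookie are assumptions."""
import argparse
import base64
import hashlib
import os
import socket
from typing import Dict, Optional, Tuple

WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"  # RFC 6455 handshake constant
CLI_WS_PATH = "/cli/ws"


def make_ws_key() -> str:
    """Sec-WebSocket-Key: 16 random bytes, base64-encoded (RFC 6455 section 4.1)."""
    return base64.b64encode(os.urandom(16)).decode()


def expected_accept(key: str) -> str:
    """Sec-WebSocket-Accept the server must return for this key (RFC 6455 section 4.2.2)."""
    return base64.b64encode(hashlib.sha1((key + WS_GUID).encode()).digest()).decode()


def build_upgrade_request(host: str, origin: str, key: str,
                          path: str = CLI_WS_PATH, cookie: Optional[str] = None) -> bytes:
    """Browser-style upgrade request. A browser sets Origin to the page that opened the
    socket and attaches the user's cookies; a CSWSH page can change neither, which is
    exactly why the server has to check Origin."""
    lines = [
        f"GET {path} HTTP/1.1",
        f"Host: {host}",
        "Upgrade: websocket",
        "Connection: Upgrade",
        f"Sec-WebSocket-Key: {key}",
        "Sec-WebSocket-Version: 13",
        f"Origin: {origin}",
    ]
    if cookie:
        lines.append(f"Cookie: {cookie}")
    return ("\r\n".join(lines) + "\r\n\r\n").encode()


def parse_response_head(raw: bytes) -> Tuple[int, Dict[str, str]]:
    """Status code and lower-cased headers of the handshake response; (0, {}) if no reply."""
    if not raw:
        return 0, {}
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    status_line, *header_lines = head.split("\r\n")
    parts = status_line.split(" ", 2)
    code = int(parts[1]) if len(parts) > 1 and parts[1].isdigit() else 0
    headers: Dict[str, str] = {}
    for line in header_lines:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return code, headers


def classify(code: int, headers: Dict[str, str], key: str) -> str:
    """'upgraded' only for a genuine 101 whose Accept value matches our key."""
    if code == 101:
        if headers.get("sec-websocket-accept") != expected_accept(key):
            return "101 with wrong Sec-WebSocket-Accept (not a real upgrade)"
        return "upgraded"
    return f"refused ({code})"


def probe(host: str, port: int, origin: str, cookie: Optional[str] = None,
          timeout: float = 5.0) -> str:
    """Send one handshake over a plain TCP socket (HTTP, not HTTPS) and classify the reply."""
    key = make_ws_key()
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_upgrade_request(f"{host}:{port}", origin, key, cookie=cookie))
        raw = b""
        while b"\r\n\r\n" not in raw:
            chunk = s.recv(4096)
            if not chunk:
                break
            raw += chunk
    code, headers = parse_response_head(raw)
    return classify(code, headers, key)


def verdict(legit_result: str, foreign_result: str) -> str:
    """Differential reading: a refusal only means something once the legitimate origin upgrades."""
    if legit_result != "upgraded":
        return "inconclusive: legitimate Origin did not upgrade (check cookie, permissions, CLI enabled)"
    if foreign_result == "upgraded":
        return "VULNERABLE: foreign Origin accepted on /cli/ws (CVE-2024-23898 behaviour)"
    return "not vulnerable: foreign Origin refused, legitimate Origin upgraded"


if __name__ == "__main__":
    ap = argparse.ArgumentParser()
    ap.add_argument("--host", default="127.0.0.1")
    ap.add_argument("--port", type=int, default=8080)
    ap.add_argument("--legit-origin", default="http://127.0.0.1:8080")  # the Jenkins root URL
    ap.add_argument("--foreign-origin", default="https://attacker.example")  # hypothetical
    ap.add_argument("--cookie", help="JSESSIONID cookie of a logged-in user, if anonymous lacks access")
    a = ap.parse_args()
    legit = probe(a.host, a.port, a.legit_origin, a.cookie)
    foreign = probe(a.host, a.port, a.foreign_origin, a.cookie)
    print(f"legit origin:   {legit}\nforeign origin: {foreign}\n{verdict(legit, foreign)}")
```

Run it against the community lab image (docker run --rm -p 8080:8080 jenkins/jenkins:2.441) with --legit-origin set to the URL the instance is reached at and, if anonymous users cannot reach the CLI, --cookie set to a logged-in user's session cookie. On a vulnerable version both handshakes upgrade; on 2.442 / LTS 2.426.3 the foreign origin is refused while the legitimate one still upgrades. The Sec-WebSocket-Accept check matters: a reverse proxy or error page that answers 101 without a valid Accept value would otherwise be misread as a successful upgrade.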

Exploits (1)

nomisec WORKING POC 2 stars
by davidmgaviria · poc
https://github.com/davidmgaviria/CVE2_Jenkins_RCE

Classification
Working PoC 95%
Attack Type
RCE
Complexity
Moderate
Reliability
Reliable
Target: Jenkins 2.441
No auth needed on the attacker side (CVSS PR:N), but the attack is UI:R: a Jenkins user who already holds a valid session must be lured to an attacker-controlled page, and the hijacked CLI session runs with that user's permissions
Prerequisites: Network access to the Jenkins WebSocket endpoint · Jenkins server running a vulnerable version · A logged-in Jenkins user whose browser can be made to load the attacker's page
devstral-2 · analyzed Feb 19, 2026

Scores

CVSS v3 8.8
EPSS 0.3687 (estimated 36.9% probability of exploitation activity in the next 30 days)
EPSS Percentile 97.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Lab Environment

COMMUNITY
Community Lab
docker pull jenkins/jenkins:2.441

Details

CWE
CWE-346 (Origin Validation Error)
Status published
Products (3)
jenkins/jenkins 2.217 - 2.441
jenkins/jenkins 2.222.1 - 2.426.2
org.jenkins-ci.main/jenkins-core 2.217 - 2.426.3 (Maven)
Published Jan 24, 2024
Tracked Since Feb 18, 2026