7 matches found
Exploit for Origin Validation Error in Jenkins
Jenkins CLI Websocket Hijacking - PoC A proof of concept cross...
RHEL 8 : Jenkins and Jenkins-2-plugins (RHSA-2024:0778)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0778 advisory. Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cro...
CVE-2024-23898
A flaw was found in Jenkins where websocket access to the CLI does not perform origin validation of requests when they are made through the websocket endpoint...
CVE-2024-23898
creationtimestamp| type| source ---|---|--- 2024-01-24 19:27:03+00:00| seen| https://t.me/ctinow/173031 2024-01-26 22:27:11+00:00| seen| https://t.me/arpsyndicate/3097 2024-01-28 04:12:00+00:00| seen| https://t.me/arpsyndicate/3198 2024-01-29 12:46:44+00:00| published-proof-of-concept|...
CVE-2024-23898
Jenkins 2.217 through 2.441 both inclusive, LTS 2.222.1 through 2.426.2 both inclusive does not perform origin validation of requests made through the CLI WebSocket endpoint, resulting in a cross-site WebSocket hijacking CSWSH vulnerability, allowing attackers to execute CLI commands on the Jenki...
CVE-2024-23898
Jenkins 2.217 through 2.441 both inclusive, LTS 2.222.1 through 2.426.2 both inclusive does not perform origin validation of requests made through the CLI WebSocket endpoint, resulting in a cross-site WebSocket hijacking CSWSH vulnerability, allowing attackers to execute CLI commands on the Jenki...
CVE-2024-23898
Jenkins 2.217 through 2.441 both inclusive, LTS 2.222.1 through 2.426.2 both inclusive does not perform origin validation of requests made through the CLI WebSocket endpoint, resulting in a cross-site WebSocket hijacking CSWSH vulnerability, allowing attackers to execute CLI commands on the Jenki...