PoC Releases for Jenkins CVE-2024-23897 Remote Code Execution Flaw
Numerous publicly available Proof-of-Concept (PoC) exploits have emerged for a critical vulnerability in Jenkins that allows an unauthenticated attacker to read arbitrary files, and cyber criminals are already actively exploiting it in their attacks.
On January 24, 2024, Jenkins released patches for nine security vulnerabilities and published advisories detailing various attack scenarios, exploitation methods, descriptions of the fixes, and potential workarounds for those unable to apply updates.
Among these patched vulnerabilities, the critical CVE-2024-23897 stands out. It enables reading arbitrary files from the Jenkins controller's file system and can lead to Remote Code Execution (RCE).
This vulnerability in #Jenkins is serious CVE-2024-23897
POCs have been published https://t.co/nGtbf8fehd https://t.co/pzY0NSL5bA
report by @SonarSource https://t.co/VNAUg2PDN8 pic.twitter.com/vbiWGmj47M
— Florian Roth (@cyb3rops) January 26, 2024
With detailed information about the Jenkins vulnerability publicly available, many security researchers have replicated certain attack scenarios and created functional PoC exploits for CVE-2024-23897, published on GitHub [1, 2]. The effectiveness of these PoCs has been verified, so attackers scanning for exposed servers are already actively trying these attack scenarios with minimal or no modification. Some researchers report that their Jenkins honeypots have been targeted, suggesting that hackers have begun to exploit this vulnerability in the wild.