Jenkins (CVE-2024-23897)

n3od4y · (This post was last modified: 07-08-24, 07:29 PM by Lucifer.)

As a red teamer, you encountered a Jenkins instance that is vulnerable to CVE-2024-23897, which allowed for limited arbitrary file read. Without credentials and with the /script endpoint inaccessible, you sought to leverage this vulnerability by revealing Hudson to decypt the credentials.

Hidden Content

You must register or login to view this content.

modoff · 31-08-24, 05:47 AM

okansjdsad

alexanderdavid · 31-08-24, 07:10 PM

uhmmm is real?

runninwolf83 · 10-02-25, 03:12 AM

Lets see

changpz · 22-05-25, 01:08 PM

let me see

blake2655 · 23-05-25, 07:37 AM

let me see

forever · 25-05-25, 04:50 PM

thanks

revam · 04-06-25, 03:07 AM

let me check

jueran · 05-06-25, 09:00 AM

thanks

mkolp789 · 18-06-25, 01:35 PM

thank you