Skip to content
/ CVE-2024-43044-jenkins Public

Exploit for the vulnerability CVE-2024-43044 in Jenkins

163 stars 23 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

convisolabs/CVE-2024-43044-jenkins

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
assets
assets
 
 
src/main/java/poc
src/main/java/poc
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
pom.xml
pom.xml
 
 

Repository files navigation

Intro

This is an exploit for CVE-2024-43044, an arbitrary file read that allows an agent to fetch files from the controller.

The exploit will use the vulnerability to read files to forge a remember-me cookie for an admin account and gain access to Jenkins scripting engine.

Check out the full writeup at https://blog.convisoappsec.com/en/analysis-of-cve-2024-43044/

Building the exploit

mvn package

Running the exploit

Exploit Usages:
    java -jar exploit.jar mode_secret <jenkinsUrl> <nodeName> <nodeSecretKey>
    java -jar exploit.jar mode_attach <jenkinsUrl> <cmd>
    java -jar exploit.jar mode_attach <cmd>

Testing

You can test it in vulnerable version using docker:

docker run -p 8080:8080 -p 50000:50000 --restart=on-failure jenkins/jenkins:2.441-jdk17

Once you have a jenkins runnning, setup an agent.

The controller/agent connection can be either default (using url, nodename, secret) or via SSH.

Demonstration

RCE.

References

https://www.jenkins.io/security/advisory/2024-08-07/

About

Exploit for the vulnerability CVE-2024-43044 in Jenkins

Resources

Readme
Activity
Custom properties

Stars

163 stars

Watchers

3 watching

Forks

23 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

Languages