POC for Jenkins CVE-2024-23897 made public

---

Researchers warn that several proof-of-concept (PoC) exploits targeting the recently disclosed critical Jenkins vulnerability, CVE-2024-23897, have been made public.

A critical flaw, tracked as CVE-2024-23897, could lead to remote code execution (RCE). The vulnerability was reported by the researcher Yaniv Nizry from Sonar, who wrote a detailed analysis of the issue

See more

This vulnerability in #Jenkins is serious CVE-2024-23897

POCs have been published https://t.co/nGtbf8fehdhttps://t.co/pzY0NSL5bA

report by @SonarSource https://t.co/VNAUg2PDN8 pic.twitter.com/vbiWGmj47M

— Florian Roth ⚡️ (@cyb3rops) January 26, 2024

Researcher German Fernandez, warned of a massive exploitation of the vulnerability, querying Shodan, he found more than 75000 internet-facing instances.

See more

🚨 CVE-2024-23897: Unauthenticated Arbitrary File Read vulnerability could lead to RCE on Jenkins servers.

▪ Exploits are already available.https://t.co/xreXZ88kIZ

— Germán Fernández (@1ZRR4H) January 26, 2024

The availability of exploits will cause several threat actors to start exploiting the vulnerability in attacks in the wild.