home.social

#cve_2024_23897 — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #cve_2024_23897, aggregated by home.social.

  1. Trend Micro is a bit late talking about CVE-2024-23897 (9.8 critical, disclosed 24 January 2024, has Proof of Concept), a Jenkins Server Arbitrary file read vulnerability. The vulnerability exists in the args4j library, allowing an unauthenticated user to read the first few lines of any file on the file system, leading to remote code execution. If I’m reading this correctly, Trend Micro reports active exploitation of CVE-2024-23897, predominantly from the Netherlands (no IOC provided). 🔗 trendmicro.com/en_us/research/ They provide vulnerability analyses similar to Sonar Source, explaining attack scenarios and what commands are available for both unauthenticated/authenticated users.

    #CVE_2024_23897 #Jenkins #RCE #eitw #activeexploitation #PoC #proofofconcept #vulnerability

  2. Good morning! Have a fairly gnarly RCE in #Jenkins:

    Jenkins uses the args4j library to parse command arguments and options on the Jenkins controller when processing CLI commands. This command parser has a feature that replaces an @ character followed by a file path in an argument with the file’s contents (expandAtFiles). This feature is enabled by default, and Jenkins 2.441 and earlier, LTS 2.426.2 and earlier do not disable it.
    www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3314

    #CVE_2024_23897
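The second post above describes the mechanism: a command parser that swaps an `@path` token for the contents of `path`, on by default, fed by arguments from a network-facing CLI. The following is an added illustration written for this page, not Jenkins or args4j code. It models that expansion in a toy parser (the function names, the `allow_at_syntax` switch and the sample secret file are all constructed for the example), puts the hardened form beside it with expansion off by default, and adds a small pre-dispatch check that flags `@` tokens so a defender can log or reject them before any file is opened.

```python
"""Toy model of an args4j-style "@file" argument expansion.

Constructed example code, not Jenkins or args4j source. It reproduces the
behaviour described in the Jenkins advisory for CVE-2024-23897: a parser
feature that replaces a token "@<path>" with the contents of <path>.
"""
import os
import tempfile
from typing import Dict, List


def expand_at_files_unsafe(argv: List[str]) -> List[str]:
    """Replace every "@path" token with the whitespace-split contents of path.

    Any file readable by the server process is pulled into the argument
    list, so whoever controls argv controls which local file gets parsed
    (and, through parser error messages, partially echoed back).
    """
    expanded: List[str] = []
    for tok in argv:
        if tok.startswith("@") and len(tok) > 1:
            with open(tok[1:], "r", encoding="utf-8", errors="replace") as fh:
                expanded.extend(fh.read().split())
        else:
            expanded.append(tok)
    return expanded


def parse_args_hardened(argv: List[str], allow_at_syntax: bool = False) -> List[str]:
    """Hardened parser: "@path" stays an ordinary literal unless an operator
    explicitly opts in (assumed switch name). Opt-in belongs only to trusted
    local tooling, never to a CLI reachable by unauthenticated callers."""
    if allow_at_syntax:
        return expand_at_files_unsafe(argv)
    return list(argv)


def find_at_tokens(argv: List[str]) -> List[str]:
    """Detection helper: return the tokens that would trigger expansion.

    Run this before dispatching a CLI request so "@"-prefixed arguments can
    be logged, alerted on, or rejected outright.
    """
    return [t for t in argv if t.startswith("@") and len(t) > 1]


def demo() -> Dict[str, List[str]]:
    """Run both parsers over a constructed secret file and return the results."""
    with tempfile.TemporaryDirectory() as tmp:
        secret = os.path.join(tmp, "secret.txt")
        with open(secret, "w", encoding="utf-8") as fh:
            # Constructed sample content standing in for any sensitive local file.
            fh.write("TOP_SECRET_TOKEN=abc123\nsecond line\n")
        argv = ["help", "@" + secret]
        return {
            "flagged": find_at_tokens(argv),
            "unsafe": expand_at_files_unsafe(argv),      # file contents leak into argv
            "hardened": parse_args_hardened(argv),       # "@path" kept as a literal
        }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The unsafe variant turns the `@` token into the file's words, which is exactly the leak the posts describe; the hardened variant leaves the token untouched, matching the shape of the fix (feature disabled unless deliberately enabled). The `find_at_tokens` check is the piece worth wiring into request logging on any service that still exposes such a parser.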