exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 91 RSS Feed

Files

Jenkins 2.441 Local File Inclusion
Posted Apr 15, 2024
Authored by Matisse Beckandt

Jenkins version 2.441 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
advisories | CVE-2024-23897
SHA-256 | bd541e95b84e90dc4cbb0bfe35af5cd5870fc359b6d836f3a3eb70857003a87a

Related Files

Jenkins-CI Unauthenticated Script-Console Scanner
Posted Sep 1, 2024
Authored by altonjx, Jeffrey Cap | Site metasploit.com

This Metasploit module scans for unauthenticated Jenkins-CI script consoles and executes the specified command.

tags | exploit
advisories | CVE-2015-8103
SHA-256 | 53d9d1136ce2f5886b4a8ce54a4d0483aa965be83698aed6eab71a5930ded211
Jenkins cli Ampersand Replacement Arbitrary File Read
Posted Aug 31, 2024
Authored by h00die, binganao, h4x0r-dz, Vozec, Yaniv Nizry | Site metasploit.com

This Metasploit module utilizes the Jenkins cli protocol to run the help command. The cli is accessible with read-only permissions by default, which are all thats required. Jenkins cli utilizes args4js parseArgument, which calls expandAtFiles to replace any @<filename> with the contents of a file. We are then able to retrieve the error message to read up to the first two lines of a file. Exploitation by hand can be done with the cli, see markdown documents for additional instructions. There are a few exploitation oddities: 1. The injection point for the help command requires 2 input arguments. When the expandAtFiles is called, each line of the FILE_PATH becomes an input argument. If a file only contains one line, it will throw an error: ERROR: You must authenticate to access this Jenkins. However, we can pad out the content by supplying a first argument. 2. There is a strange timing requirement where the download (or first) request must get to the server first, but the upload (or second) request must be very close behind it. From testing against the docker image, it was found values between .01 and 1.9 were viable. Due to the round trip time of the first request and response happening before request 2 would be received, it is necessary to use threading to ensure the requests happen within rapid succession. Files of value: * /var/jenkins_home/secret.key * /var/jenkins_home/secrets/master.key * /var/jenkins_home/secrets/initialAdminPassword * /etc/passwd * /etc/shadow * Project secrets and credentials * Source code, build artifacts.

tags | exploit, protocol
advisories | CVE-2024-23897
SHA-256 | 8799f2e8f0af3fd5eaa3690edb0e303a727a1d5ed7c421cade67b080436d71e9
Jenkins Domain Credential Recovery
Posted Aug 31, 2024
Authored by sinn3r, Th3R3p0 | Site metasploit.com

This Metasploit module will collect Jenkins domain credentials, and uses the script console to decrypt each password if anonymous permission is allowed. It has been tested against Jenkins version 1.590, 1.633, and 1.638.

tags | exploit
SHA-256 | 83baacd6b712b9616b65f2e2a8c14590416f5f3163b7be41a65f76feb04bb8f2
Red Hat Security Advisory 2024-5411-03
Posted Aug 15, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-5411-03 - An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.14. Red Hat Product Security has rated this update as having a security impact of critical. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section.

tags | advisory
systems | linux, redhat
advisories | CVE-2024-43044
SHA-256 | 068e4971be0ae9f67e2e1098b8d7d7b931eec474ff5000fc99f1fd09a52b5db5
Red Hat Security Advisory 2024-5410-03
Posted Aug 15, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-5410-03 - An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.12. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section.

tags | advisory
systems | linux, redhat
advisories | CVE-2024-43044
SHA-256 | eb18e0ae04d57031458b02850dcf16f3d15d47b1f69b7c3e2bd0ce55d7adfc56
Red Hat Security Advisory 2024-5406-03
Posted Aug 15, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-5406-03 - An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.13. Red Hat Product Security has rated this update as having a security impact of critical. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section.

tags | advisory
systems | linux, redhat
advisories | CVE-2024-43044
SHA-256 | ebc166c50f26fb0b417e894435c5b45a9476ead6a4e3b5918dbe1f7abdb30746
Red Hat Security Advisory 2024-5405-03
Posted Aug 15, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-5405-03 - An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.15. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section.

tags | advisory
systems | linux, redhat
advisories | CVE-2024-43044
SHA-256 | 663a4609326d571bebbb166ff0bf2010076f838204e7b0ccdd0d93918af8667b
Red Hat Security Advisory 2024-4597-03
Posted Jul 18, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-4597-03 - An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.15. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include bypass and traversal vulnerabilities.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2023-48795
SHA-256 | 5653f444552aa9dcfad9f122561c243eef8057841ec41a1182c64537b2228e0f
Red Hat Security Advisory 2024-3636-03
Posted Jun 6, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-3636-03 - An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.13. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include bypass and traversal vulnerabilities.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2023-48795
SHA-256 | 0e8d58b536656dc4d77e0524da5f5d037ce00f8875c08de1e37b2298eb097f56
Red Hat Security Advisory 2024-3635-03
Posted Jun 6, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-3635-03 - An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.12. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include bypass and traversal vulnerabilities.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2023-48795
SHA-256 | 29e937251cb0f86785d28ea34924323c0afeed6d808c503826dcdbd6854e0663
Red Hat Security Advisory 2024-3634-03
Posted Jun 6, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-3634-03 - An update for Openshift Jenkins is now available for Red Hat Product OCP Tools 4.14. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include bypass and traversal vulnerabilities.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2023-48795
SHA-256 | 471e894523b102b73eb86c40b950766e9ab27385d99f7b4285b2a5264571c5aa
Red Hat Security Advisory 2024-0778-03
Posted Feb 13, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-0778-03 - An update for Jenkins and Jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.12. Issues addressed include bypass, code execution, cross site request forgery, cross site scripting, denial of service, improper authorization, information leakage, insecure permissions, and open redirection vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution, xss, csrf
systems | linux, redhat
advisories | CVE-2020-7692
SHA-256 | ab4f43b9e71e063c24e6665055c78987e13d3b3ffaeb136bf2ca4c7222838cb2
Red Hat Security Advisory 2024-0777-03
Posted Feb 13, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-0777-03 - An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.14. Issues addressed include bypass, code execution, cross site request forgery, cross site scripting, denial of service, information leakage, and open redirection vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution, xss, csrf
systems | linux, redhat
advisories | CVE-2022-25857
SHA-256 | 3eed8a402985e9201b2959d777e66d6b3d4c828342daf0e2047df99c9352d53f
Red Hat Security Advisory 2024-0776-03
Posted Feb 13, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-0776-03 - An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.13. Issues addressed include bypass, code execution, cross site scripting, and denial of service vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution, xss
systems | linux, redhat
advisories | CVE-2021-26291
SHA-256 | 066ec355713bdfb5d17ff8adb414021618bb7df8ac5b4fbee6ddd1731eff0030
Red Hat Security Advisory 2024-0775-03
Posted Feb 13, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-0775-03 - An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.11. Issues addressed include bypass, code execution, cross site scripting, deserialization, information leakage, and insecure permissions vulnerabilities.

tags | advisory, vulnerability, code execution, xss
systems | linux, redhat
advisories | CVE-2022-1471
SHA-256 | bce52c7c00b891789e1532b690676483061f98b6a4dfcfe94e9ecadad6b53155
Jenkins 2.441 / LTS 2.426.3 Arbitrary File Read
Posted Jan 29, 2024
Authored by binganao | Site github.com

Jenkins versions 2.441 and below and LTS 2.426.3 and below remote arbitrary file read proof of concept exploit written in Python.

tags | exploit, remote, arbitrary, proof of concept, python
advisories | CVE-2024-23897
SHA-256 | 4fdefdc8a91925284359a1beec765f58e6f6a5a76aa3e27c5a5a2fb4ba6cd562
Jenkins 2.441 / LTS 2.426.3 CVE-2024-23897 Scanner
Posted Jan 29, 2024
Authored by yoryio | Site github.com

Jenkins versions 2.441 and LTS 2.426.3 arbitrary file read scanner.

tags | exploit, arbitrary
advisories | CVE-2024-23897
SHA-256 | 0a161df23c6bac97a5923092b79fd307c231d11a8c0ec701df49569cfd362dfc
Red Hat Security Advisory 2023-7288-01
Posted Nov 16, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-7288-01 - An update for Openshift Jenkins is now available for Red Hat Product OCP Tools 4.14. Issues addressed include bypass, code execution, cross site scripting, and denial of service vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution, xss
systems | linux, redhat
advisories | CVE-2022-25857
SHA-256 | 2d749ef1a874df2c3d2ea1bc5b6df6559bdc02bce42e690e1738e4800b48e48d
Ubuntu Security Notice USN-6462-2
Posted Nov 13, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6462-2 - Seth Jenkins discovered that the Linux kernel did not properly perform address randomization for a per-cpu memory management structure. A local attacker could use this to expose sensitive information or in conjunction with another kernel vulnerability. Yu Hao and Weiteng Chen discovered that the Bluetooth HCI UART driver in the Linux kernel contained a race condition, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-0597, CVE-2023-31083, CVE-2023-3772, CVE-2023-4132
SHA-256 | 4c16f3fdcebfc5b44dc509e5a5feb0ff4952b6fea4797784253d2182ab528765
Ubuntu Security Notice USN-6462-1
Posted Nov 13, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6462-1 - Seth Jenkins discovered that the Linux kernel did not properly perform address randomization for a per-cpu memory management structure. A local attacker could use this to expose sensitive information or in conjunction with another kernel vulnerability. Yu Hao and Weiteng Chen discovered that the Bluetooth HCI UART driver in the Linux kernel contained a race condition, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-0597, CVE-2023-31083, CVE-2023-3772, CVE-2023-4132
SHA-256 | e35c00e54afdaf6fa41cf3726741036ae7a9fc376ca95ccc4451805eb74ea686
Red Hat Security Advisory 2023-6179-01
Posted Oct 31, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-6179-01 - An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.13. Issues addressed include bypass, code execution, cross site scripting, and denial of service vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution, xss
systems | linux, redhat
advisories | CVE-2022-25857
SHA-256 | 9bf774d4257b09a125341c848c5e9fcd820adea05d5a78b14f7420f1f63bcb7f
Red Hat Security Advisory 2023-6172-01
Posted Oct 31, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-6172-01 - An update for Openshift Jenkins is now available for Red Hat Product OCP Tools 4.12. Red Hat Product Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include bypass, code execution, cross site scripting, denial of service, improper authorization, information leakage, and insecure permissions vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution, xss
systems | linux, redhat
advisories | CVE-2020-7692
SHA-256 | 959995e5c8c8ffcb460eb26260215c7b7072fa04e4365429ecd702d04e034b5c
Red Hat Security Advisory 2023-6171-01
Posted Oct 31, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-6171-01 - An update for Openshift Jenkins is now available for Red Hat Product OCP Tools 4.11. Red Hat Product Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include bypass, code execution, cross site scripting, deserialization, information leakage, and insecure permissions vulnerabilities.

tags | advisory, vulnerability, code execution, xss
systems | linux, redhat
advisories | CVE-2022-1471
SHA-256 | 806b2fb0ca9c10f179c91b2e1d08b2766bbd6f208b5772e4e24f6d9e09918d44
Ubuntu Security Notice USN-6440-2
Posted Oct 20, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6440-2 - Seth Jenkins discovered that the Linux kernel did not properly perform address randomization for a per-cpu memory management structure. A local attacker could use this to expose sensitive information or in conjunction with another kernel vulnerability. It was discovered that the IPv6 implementation in the Linux kernel contained a high rate of hash collisions in connection lookup table. A remote attacker could use this to cause a denial of service.

tags | advisory, remote, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-0597, CVE-2023-1206, CVE-2023-31083, CVE-2023-34319, CVE-2023-3772, CVE-2023-42752, CVE-2023-42753, CVE-2023-42755, CVE-2023-4622, CVE-2023-4623, CVE-2023-4881, CVE-2023-4921
SHA-256 | 53dde989c721b58c0ab2a8afed3fd49eb8bd3b0589646a03c93ff63b342aa7dd
Ubuntu Security Notice USN-6440-1
Posted Oct 20, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6440-1 - Seth Jenkins discovered that the Linux kernel did not properly perform address randomization for a per-cpu memory management structure. A local attacker could use this to expose sensitive information or in conjunction with another kernel vulnerability. It was discovered that the IPv6 implementation in the Linux kernel contained a high rate of hash collisions in connection lookup table. A remote attacker could use this to cause a denial of service.

tags | advisory, remote, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-0597, CVE-2023-1206, CVE-2023-31083, CVE-2023-34319, CVE-2023-3772, CVE-2023-42752, CVE-2023-42753, CVE-2023-42755, CVE-2023-4622, CVE-2023-4623, CVE-2023-4881, CVE-2023-4921
SHA-256 | 598cc5d139a12c8f709abd7b1310edc18543d27b190ad6ec74fe1916b728621c
Page 1 of 4
Back1234Next

File Archive:

September 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    261 Files
  • 2
    Sep 2nd
    17 Files
  • 3
    Sep 3rd
    38 Files
  • 4
    Sep 4th
    52 Files
  • 5
    Sep 5th
    23 Files
  • 6
    Sep 6th
    27 Files
  • 7
    Sep 7th
    0 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    16 Files
  • 10
    Sep 10th
    38 Files
  • 11
    Sep 11th
    0 Files
  • 12
    Sep 12th
    0 Files
  • 13
    Sep 13th
    0 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    0 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close