Main Vulnerability Database Exploits ID:11271 - Exploit for Missing Origin Validation in WebSockets in Jenkins and Jenkins LTS - CVE-2024-23898

ID:11271 - Exploit for Missing Origin Validation in WebSockets in Jenkins and Jenkins LTS - CVE-2024-23898

Published: March 31, 2025

Vulnerability identifier: #VU85790

Vulnerability risk: High

CVE-ID: CVE-2024-23898

CWE-ID: CWE-1385

Exploitation vector: Remote access

Vulnerable software:
Jenkins
Jenkins LTS

Link to public exploit:

https://github.com/davidmgaviria/CVE2_Jenkins_RCE

Vulnerability description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to a cross-site WebSocket hijacking (CSWSH) issue when the affected application does not perform origin validation of requests made through the CLI WebSocket endpoint. A remote attacker can execute CLI commands on the Jenkins controller.

Remediation

Install updates from vendor's website.

ID:11271 - Exploit for Missing Origin Validation in WebSockets in Jenkins and Jenkins LTS - CVE-2024-23898

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human