HTTP: Jenkins Core CLI Cross-Site WebSocket Hijacking

This signature detects attempts to exploit a known vulnerability against Jenkins Core. A successful attack can lead to command injection and arbitrary code execution.

Extended Description

Jenkins 2.217 through 2.441 (both inclusive), LTS 2.222.1 through 2.426.2 (both inclusive) does not perform origin validation of requests made through the CLI WebSocket endpoint, resulting in a cross-site WebSocket hijacking (CSWSH) vulnerability, allowing attackers to execute CLI commands on the Jenkins controller.

Affected Products

Jenkins jenkins

References

CVE: CVE-2024-23898

Short Name
HTTP:CTS:JENKINS-CORE-CLI-WEBHI
Severity
Major
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
CLI CVE-2024-23898 Core Cross-Site Hijacking Jenkins WebSocket
Release Date
04/04/2024
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3692
False Positive
Unknown
Vendors

Jenkins

Found a potential security threat?