CVE-2024-23898

Risk Scores

Affected Products

Exploit Intelligence

• CIRCL seen: CVE-2024-23898 (circl-sighting)
• CIRCL seen: CVE-2024-23898 (circl-sighting)
• CIRCL published-proof-of-concept: CVE-2024-23898 (circl-sighting)
• CIRCL seen: CVE-2024-23898 (circl-sighting)
• CIRCL seen: CVE-2024-23898 (circl-sighting)
• CIRCL published-proof-of-concept: CVE-2024-23898 (circl-sighting)
• CIRCL seen: CVE-2024-23898 (circl-sighting)
• A proof of concept cross-site WebSocket hijacking exploit for CVE-2024-23898 — a vulnerability affecting Jenkins versions 2.217-2.441. For educational use in the Hacking & Offensive Security course at Carnegie Mellon University. (github-poc-repo)
• A proof of concept cross-site WebSocket hijacking exploit for CVE-2024-23898 — a vulnerability affecting Jenkins versions 2.217-2.441. For educational use in the Hacking & Offensive Security course at Carnegie Mellon University. (github-poc-repo)
• A proof of concept cross-site WebSocket hijacking exploit for CVE-2024-23898 — a vulnerability affecting Jenkins versions 2.217-2.441. For educational use in the Hacking & Offensive Security course at Carnegie Mellon University. (github-poc-repo)

…and 20 more exploits

Timeline

• Jan 24, 2024 CVE Published
• Jan 24, 2024 PoC Published
• Jan 26, 2024 CVE Updated
• Jan 26, 2024 PoC Published
• Jan 28, 2024 PoC Published
• Jan 29, 2024 PoC Published
• Jan 31, 2024 EPSS Score
• Feb 18, 2024 PoC Published
• Feb 20, 2024 PoC Published
• Mar 26, 2024 EPSS Score
• Apr 23, 2024 EPSS Score
• Jun 17, 2024 EPSS Score

References

• http://www.openwall.com/lists/oss-security/2024/01/24/6 url
• https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3315 url
• https://www.sonarsource.com/blog/excessive-expansion-uncovering-critical-security-vulnerabilities-in-jenkins/ url
• https://nvd.nist.gov/vuln/detail/CVE-2024-23898 url