Add PoC exploit for CVE-2024-23897

[postmodern]

Add a PoC exploit for CVE-2024-23897, an arbitrary file-read in Jenkins <= 2.441 and <= LTS 2.426.2.

Reference PoCs

• https://github.com/h4x0r-dz/CVE-2024-23897/blob/main/CVE-2024-23897.py
• https://github.com/Surko888/Surko-Exploit-Jenkins-CVE-2024-23897/blob/main/surko_exploit.py
• https://github.com/Maalfer/CVE-2024-23897/blob/main/CVE-2024-23897.py
• https://github.com/Athulya666/CVE-2024-23897/blob/main/CVE-2024-23897.py
• https://github.com/Abo5/CVE-2024-23897/blob/main/CVE-2024-23897.rb (written in Ruby!)
• https://github.com/godylockz/CVE-2024-23897/blob/main/jenkins_fileread.py
• https://github.com/ifconfig-me/CVE-2024-23897/blob/main/CVE-2024-23897.py
• https://github.com/Praison001/CVE-2024-23897-Jenkins-Arbitrary-Read-File-Vulnerability/blob/main/CVE-2024-23897.py
• https://gitee.com/river3587/h4x0r-dz-cve-2024-23897/blob/main/CVE-2024-23897.py
• https://github.com/jopraveen/CVE-2024-23897/blob/main/exp.py
• https://gitee.com/river3587/CVE-2024-23897/blob/main/poc.py
• https://github.com/viszsec/CVE-2024-23897/blob/main/CVE-2024-23897%20Jenkins.py
• https://github.com/Vozec/CVE-2024-23897/blob/main/CVE-2024-23897.py
• https://github.com/10T4/PoC-Fix-jenkins-rce_CVE-2024-23897
• https://github.com/h4x0r-dz/CVE-2024-23897/blob/main/CVE-2024-23897.py

Note: some of these PoCs rely on executing the jenkins-ci.jar to interact with the Jenkins server. I prefer the PoCs that directly send the HTTP requests.

Vuln App

• https://github.com/vulhub/vulhub/tree/167476fc625abd9fc0f932a96e9f7b5ee5fc1d5f/jenkins/CVE-2024-23897

How to Submit a PoC

See the CONTRIBUTING file for instructions on how to submit a PoC exploit.