$$ RED31 $$

IP Address: 172.25.200.200

Port: 9035

Want to run this Docker container locally?

docker run -d --restart always --name flag-red31 -p 9035:8080 joshbeck2024/ctf-jenkins-cve-2024-23897-red31

What is Jenkins?

• Jenkins is a popular open-source automation server used for continuous integration and continuous delivery (CI/CD). It automates the building, testing, and deploying of software.

Example of how Jenkins might be used in the real world to build, test, and automate software deployment.

• Let’s say we have a team of 20 developers all working on the same codebase/project.
• Joe, the new guy, makes a change to the code and wants to integrate his changes.
  • Any changes Joe has made could break the application's functionality.
  • Joe can use a platform like Jenkins to run predefined tests against the entire codebase including his new code. If all tests pass, the commit may be allowed. If a test fails, the CI pipeline will be stopped and Joe/Joe’s team will be notified.
  • If you are studying for the Security+, CI/CD is a key concept.

I’m surprised Nmap didn’t pick this up, but if you go to the front page of the Jenkins application, view the page source, and search for ‘version’, you’ll find that this is Jenkins version 2.441.

A Google search for ‘Jenkins 2.441 CVE’ will turn up the following advisory:

The vulnerability here lies in the fact that the CLI client designed to work with Jenkins deployments utilizes the arg4j library to parse CLI arguments.

Vulnerability Summary/Example:

• Under normal circumstances, the Jenkins CLI program jenkins-cli.jar (which we will download shortly) can be run to get help regarding available commands.

The Jenkins documentation showing us how to download the client can be found here.