vpatch-CVE-2024-23897 AppSec Rule

« vpatch-CVE-2024-23897 »
v0.4 by crowdsecurity
AppSec rule

Jenkins CLI RCE (CVE-2024-23897)

Installation

cscli appsec-rules install crowdsecurity/vpatch-CVE-2024-23897

YAML Configuration

1name: crowdsecurity/vpatch-CVE-2024-23897
2description: "Jenkins CLI RCE (CVE-2024-23897)"
3rules:
4  - and:
5    - zones:
6      - METHOD
7      match:
8        type: equals
9        value: POST
10    - zones:
11      - URI
12      match:
13        type: endsWith
14        value: "/cli"
15    - zones:
16        - HEADERS
17      variables:
18        - side
19      transform:
20        - lowercase
21      match:
22        type: equals
23        value: "upload"
24    - zones:
25      - RAW_BODY
26      match:
27        type: regex
28        value: >-
29          @/|@\.
30labels:
31  type: exploit
32  service: http
33  confidence: 3
34  spoofable: 0
35  behavior: "http:exploit"
36  label: "Jenkins CLI RCE"
37  classification:
38   - cve.CVE-2024-23897
39   - attack.T1595
40   - attack.T1190
41   - cwe.CWE-552
42
43
44

Hub Appsec rule

« vpatch-CVE-2024-23897 »v0.4 by crowdsecurityAppSec rule

« vpatch-CVE-2024-23897 »
v0.4 by crowdsecurity
AppSec rule