Jenkins Unauthenticated Remote Code Execution Via CLI


Description: A remote code execution vulnerability was recently reported in Jenkins that can be exploited by an unauthenticated user.

Affected versions: All

Recommended action: Disable the CLI for now.

As this uses the same attack vector as SECURITY-218, you can reuse the script and instructions published in this repository: https://github.com/jenkinsci-cert/SECURITY-218

Origin URLs:
