Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
This module is designed to detect if the target host is running an instance of Jenkins in debug mode with stack traces enabled. Jenkins is an open-source automation server that is widely used for continuous integration and delivery of software projects. By identifying this misconfiguration, the module helps to highlight potential security risks associated with debug mode and stack trace exposure.
Severity: Low
Author: Dheerajmadhukar
Running Jenkins in debug mode with stack traces enabled can expose sensitive information about the application's internal workings. This information can be leveraged by attackers to gain insights into the system's architecture, identify potential vulnerabilities, and launch targeted attacks.
The module utilizes HTTP request templates and matching conditions to identify the presence of Jenkins in debug mode with stack traces enabled. It sends a GET request to the "/adjuncts/3a890183/" path and checks for specific conditions in the response.
Matching Conditions:
- The response body contains the words "java.lang.StringIndexOutOfBoundsException" and "String index out of range". - The response status code is 500 (Internal Server Error).If both conditions are met, the module considers the target host to be running Jenkins in debug mode with stack traces enabled.
Example HTTP Request:
GET /adjuncts/3a890183/ HTTP/1.1
Host: [target_host]
Reference: https://hackerone.com/reports/221833
Metadata: max-request: 1