Detect Jenkins in Debug Mode with Stack Traces Enabled

By kannthu

Description

What is "Detect Jenkins in Debug Mode with Stack Traces Enabled"?

This module is designed to detect if the target host is running an instance of Jenkins in debug mode with stack traces enabled. Jenkins is an open-source automation server that is widely used for continuous integration and delivery of software projects. By identifying this misconfiguration, the module helps to highlight potential security risks associated with debug mode and stack trace exposure.

Severity: Low

Author: Dheerajmadhukar

Impact

Running Jenkins in debug mode with stack traces enabled can expose sensitive information about the application's internal workings. This information can be leveraged by attackers to gain insights into the system's architecture, identify potential vulnerabilities, and launch targeted attacks.

How does the module work?

The module utilizes HTTP request templates and matching conditions to identify the presence of Jenkins in debug mode with stack traces enabled. It sends a GET request to the "/adjuncts/3a890183/" path and checks for specific conditions in the response.

Matching Conditions:

- The response body contains the words "java.lang.StringIndexOutOfBoundsException" and "String index out of range".
- The response status code is 500 (Internal Server Error).

If both conditions are met, the module considers the target host to be running Jenkins in debug mode with stack traces enabled.

Example HTTP Request:

GET /adjuncts/3a890183/ HTTP/1.1
Host: [target_host]

Reference: https://hackerone.com/reports/221833

Metadata: max-request: 1
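
The matching logic described above, written out as an added Python example (not the Vidoc module's own code). The function names and the sample responses are constructed for illustration; the path, words and status code are the ones the module lists.

```python
import urllib.error
import urllib.request

PROBE_PATH = "/adjuncts/3a890183/"           # path from the module
REQUIRED_WORDS = (                           # both must appear in the body
    "java.lang.StringIndexOutOfBoundsException",
    "String index out of range",
)
REQUIRED_STATUS = 500


def matches(status: int, body: str) -> bool:
    """True only if the status matcher AND every word matcher hold."""
    return status == REQUIRED_STATUS and all(w in body for w in REQUIRED_WORDS)


def check(base_url: str, timeout: float = 10.0) -> bool:
    """Send the single GET to a Jenkins base URL and apply the matchers."""
    url = base_url.rstrip("/") + PROBE_PATH
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            status, raw = resp.status, resp.read()
    except urllib.error.HTTPError as err:    # urllib raises on 4xx/5xx
        status, raw = err.code, err.read()
    except (urllib.error.URLError, OSError):
        return False                         # unreachable host: no finding
    return matches(status, raw.decode("utf-8", errors="replace"))


# Constructed sample responses (not captured from a real server).
SAMPLES = {
    "trace_exposed": (500, "<pre>java.lang.StringIndexOutOfBoundsException: "
                           "String index out of range: -1\n\tat ...</pre>"),
    "generic_500": (500, "<h1>Oops!</h1> A problem occurred."),
    "not_found": (404, "Not Found"),
    "words_but_200": (200, "java.lang.StringIndexOutOfBoundsException "
                           "String index out of range"),
}


def classify_samples() -> dict:
    """Apply the matchers to every constructed sample."""
    return {name: matches(s, b) for name, (s, b) in SAMPLES.items()}


if __name__ == "__main__":
    for name, hit in classify_samples().items():
        print(f"{name}: {'match' if hit else 'no match'}")
```

Only the first sample matches: a 500 without the exception text, or the exception text under another status, does not satisfy both conditions.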

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /adjuncts/3a890183/
Matching conditions
word: java.lang.StringIndexOutOfBoundsExceptio... and
status: 500
Passive global matcher
No matching conditions.
On match action
Report vulnerability