Jenkins panel async-people

By kannthu

Informative
Vidoc Module
#jenkins
Description

What is the "Jenkins panel async-people" module?

The "Jenkins panel async-people" module is a test case designed to detect misconfigurations or vulnerabilities in the Jenkins software. It focuses on the "async-people" panel within Jenkins.

This module has an informative severity level, meaning it provides valuable information but does not pose an immediate threat.

Author: nadino

Impact

This module aims to identify potential misconfigurations or vulnerabilities in the "async-people" panel of Jenkins. The impact of these issues can vary depending on the specific findings, but they could potentially lead to unauthorized access, data leaks, or other security risks.

How does the module work?

The "Jenkins panel async-people" module uses HTTP request templates and matching conditions to perform its scanning. It sends a GET request to the "/asynchPeople/" path and looks for the string "<title>People - [Jenkins]</title>" in the response body.

If the response contains this string, it indicates that the "async-people" panel is present and accessible, which may suggest a potential misconfiguration or vulnerability.

Metadata: max-request: 1
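
To see from the defender's side whether the panel has been served to clients that were not logged in, the same path can be searched for in web access logs. The following is an added example, not part of the Vidoc module: it assumes a reverse proxy in front of Jenkins that writes Combined Log Format and fills the user field for authenticated requests, and the function names and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Combined Log Format: host ident user [time] "METHOD path PROTO" status size ...
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

PANEL_PATH = "/asynchPeople"  # path requested by the module described above


def is_panel_request(path):
    """True if the path targets the people panel, with or without a trailing
    slash, a query string, or a context prefix such as /jenkins."""
    bare = path.split("?", 1)[0].rstrip("/")
    return bare.endswith(PANEL_PATH)


def anonymous_panel_hits(lines):
    """Return {client_ip: [status, ...]} for panel requests with no user."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["user"] != "-":
            continue  # unparsable line, or request made by a logged-in user
        if is_panel_request(m["path"]):
            hits[m["host"]].append(int(m["status"]))
    return dict(hits)


def exposed_to(hits):
    """Clients that received a 200: the panel was served without login."""
    return sorted(ip for ip, codes in hits.items() if 200 in codes)


# Constructed sample lines using documentation addresses, not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Jan/2024:09:15:02 +0000] "GET /asynchPeople/ HTTP/1.1" 200 8421 "-" "scanner"',
    '203.0.113.20 - - [10/Jan/2024:09:16:40 +0000] "GET /jenkins/asynchPeople/ HTTP/1.1" 403 612 "-" "curl/8.0"',
    '192.0.2.15 - alice [10/Jan/2024:09:20:11 +0000] "GET /asynchPeople/ HTTP/1.1" 200 8421 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Jan/2024:09:21:00 +0000] "GET /login HTTP/1.1" 200 2010 "-" "scanner"',
]

if __name__ == "__main__":
    hits = anonymous_panel_hits(SAMPLE_LOG)
    print("anonymous panel requests:", hits)
    print("served without login to:", exposed_to(hits))
```

A 403 for an anonymous request shows the panel is already behind access control; a 200 is the condition this module reports.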

Reference

- https://bugs.eclipse.org/bugs/show_bug.cgi?id=564944

- https://issues.jenkins.io/browse/JENKINS-30107

- https://issues.jenkins.io/browse/JENKINS-18884

- https://issues.jenkins.io/browse/JENKINS-26469

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /asynchPeople/
Matching conditions
word: <title>People - [Jenkins]</title>
Passive global matcher
No matching conditions.
On match action
Report vulnerability