By kannthu
The "Jenkins panel async-people" module is a test case designed to detect misconfigurations or vulnerabilities in the Jenkins software. It focuses on the "async-people" panel within Jenkins.
This module has an informative severity level, meaning it provides valuable information but does not pose an immediate threat.
Author: nadino
This module aims to identify potential misconfigurations or vulnerabilities in the "async-people" panel of Jenkins. The impact of these issues can vary depending on the specific findings, but they could potentially lead to unauthorized access, data leaks, or other security risks.
The "Jenkins panel async-people" module utilizes HTTP request templates and matching conditions to perform its scanning. It sends a GET request to the "/asynchPeople/" path and looks for the presence of the "" string in the response body.
If the response contains this string, it indicates that the "async-people" panel is present and accessible, which may suggest a potential misconfiguration or vulnerability.
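A defender-side check for the request described above, as an added example that is not part of the Vidoc module: it scans reverse-proxy access logs for GET requests to the panel path and separates responses that served the panel from those that were redirected or refused. The Combined Log Format, the status-code grouping, and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Combined Log Format as written by a reverse proxy in front of Jenkins (assumed).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
PANEL_PATH = "/asynchPeople"  # path the module requests

def classify(status):
    """Map the HTTP status to what it says about the panel's exposure."""
    if status == 200:
        return "served"        # panel content was returned to the client
    if status in (301, 302, 303, 307, 401, 403):
        return "protected"     # redirected to login or refused (assumed grouping)
    return "other"

def panel_requests(lines):
    """Return {outcome: [(ip, timestamp, target), ...]} for GETs to the panel."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "GET":
            continue
        # Drop the query string and tolerate a context-path prefix such as /jenkins.
        path = m["target"].split("?", 1)[0].rstrip("/")
        if not path.endswith(PANEL_PATH):
            continue
        hits[classify(int(m["status"]))].append((m["ip"], m["ts"], m["target"]))
    return dict(hits)

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [12/Mar/2024:10:01:02 +0000] "GET /asynchPeople/ HTTP/1.1" 200 8123 "-" "scanner"',
    '203.0.113.9 - - [12/Mar/2024:10:05:40 +0000] "GET /jenkins/asynchPeople/?x=1 HTTP/1.1" 403 612 "-" "curl/8.0"',
    '203.0.113.9 - - [12/Mar/2024:10:05:41 +0000] "GET /login HTTP/1.1" 200 2041 "-" "curl/8.0"',
    '198.51.100.7 - - [12/Mar/2024:10:06:00 +0000] "POST /asynchPeople/ HTTP/1.1" 200 10 "-" "scanner"',
]

if __name__ == "__main__":
    for outcome, rows in panel_requests(SAMPLE_LOG).items():
        for ip, ts, target in rows:
            print(f"{outcome:9} {ip:15} {ts} {target}")
```

Entries under "served" are the ones to review: they show the panel was returned to a client, which is the condition this module reports.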
Metadata: max-request: 1
Reference:
- https://bugs.eclipse.org/bugs/show_bug.cgi?id=564944
- https://issues.jenkins.io/browse/JENKINS-30107