Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
The "Jenkins - Remote Code Execution" module is designed to detect a critical vulnerability in Jenkins, a popular automation server. This vulnerability allows remote attackers to execute arbitrary code on the target system. The severity of this vulnerability is classified as critical, indicating the potential for significant damage if exploited.
This module was authored by philippedelteil.
If successfully exploited, this vulnerability can lead to unauthorized remote code execution on the target Jenkins server. Attackers can leverage this access to perform various malicious activities, such as compromising sensitive data, disrupting operations, or launching further attacks within the network.
The "Jenkins - Remote Code Execution" module works by sending HTTP requests to the target Jenkins server and analyzing the responses based on specific matching conditions. One example of an HTTP request sent by this module is a GET request to the "/script/" path.
The module's matching conditions include:
- Checking the response body for the presence of the code snippet "println(Jenkins.instance.pluginManager.plugins)" - Verifying if the response body contains either "Script Console" or "Scriptconsole" - Ensuring that the response status is 200 (OK)If all the matching conditions are met, the module identifies the presence of the vulnerability and reports it as a potential security issue.
For more information, you can refer to the HackerOne report related to this vulnerability.