Update jenkins-script.yaml

patch-1
Prince Chaddha 2022-05-31 14:11:09 +05:30 committed by GitHub
parent ebab53c7be
commit 03993005fb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 2 deletions


@ -4,7 +4,8 @@ info:
name: Jenkins - Remote Code Execution
author: philippedelteil
severity: critical
description: Jenkins is susceptible to a remote code execution vulnerability due to accessible script functionality.
description: |
Jenkins is susceptible to a remote code execution vulnerability due to accessible script functionality.
reference:
- https://hackerone.com/reports/403402
classification:
@ -18,14 +19,16 @@ requests:
- method: GET
path:
- "{{BaseURL}}/script/"
matchers-condition: and
matchers:
- type: word
part: body
words:
- "println(Jenkins.instance.pluginManager.plugins)"
- "Scriptconsole"
condition: and
part: body
- type: status
status:
- 200
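Review bot: With `condition: and` on the word matcher, a hit now requires the exact literal `"Scriptconsole"` in the body, and word matching is case-sensitive by default. If some Jenkins versions or locales render that label with different casing or spacing (not verifiable from this page), an exposed script console would silently stop being reported, which is a costly false negative for a `severity: critical` check. Consider adding `case-insensitive: true` to this matcher, and a short comment such as `# second word pins the match to the script console page to cut false positives` saying where the string appears in the response. The `requests:` block begins outside this hunk, so anything before `- method: GET` was not reviewed.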