daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update jenkins-script.yaml

patch-1
Prince Chaddha 2022-05-31 14:11:09 +05:30 committed by GitHub
parent ebab53c7be
commit 03993005fb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
vulnerabilities/jenkins/jenkins-script.yaml
View File

@ -4,7 +4,8 @@ info:
name: Jenkins - Remote Code Execution name: Jenkins - Remote Code Execution
author: philippedelteil author: philippedelteil
severity: critical severity: critical
description: Jenkins is susceptible to a remote code execution vulnerability due to accessible script functionality. description: |
Jenkins is susceptible to a remote code execution vulnerability due to accessible script functionality.
reference: reference:
- https://hackerone.com/reports/403402 - https://hackerone.com/reports/403402
classification: classification:
@ -18,14 +19,16 @@ requests:
- method: GET - method: GET
path: path:
- "{{BaseURL}}/script/" - "{{BaseURL}}/script/"
matchers-condition: and matchers-condition: and
matchers: matchers:
- type: word - type: word
part: body
words: words:
- "println(Jenkins.instance.pluginManager.plugins)" - "println(Jenkins.instance.pluginManager.plugins)"
- "Scriptconsole" - "Scriptconsole"
condition: and condition: and
part: body
- type: status - type: status
status: status:
- 200 - 200