40 lines
1.1 KiB
YAML
40 lines
1.1 KiB
YAML
id: jfrog-unauth-build-exposed
|
|
|
|
info:
|
|
name: JFrog Unauthentication Builds
|
|
author: dhiyaneshDK
|
|
severity: medium
|
|
description: JFrog Builds are exposed to Unauthenticated users.
|
|
reference:
|
|
- https://github.com/jaeles-project/jaeles-signatures/blob/master/common/jfrog-unauth-build-exposed.yaml
|
|
metadata:
|
|
max-request: 1
|
|
tags: jfrog
|
|
|
|
http:
|
|
- raw:
|
|
- |
|
|
POST /ui/api/v1/global-search/builds?jfLoader=true HTTP/1.1
|
|
Host: {{Hostname}}
|
|
Content-Type: application/json
|
|
|
|
{"name":"","before":"","after":"","direction":"desc","order_by":"date","num_of_rows":100}
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
words:
|
|
- "last_build_number"
|
|
- "build_name"
|
|
condition: and
|
|
part: body
|
|
|
|
- type: word
|
|
words:
|
|
- application/json
|
|
part: header
|
|
|
|
- type: status
|
|
status:
|
|
- 200
|
|
# digest: 4a0a0047304502210093a798e151476dae4b18baa505977b69c06563c8d0c3eb78cf4667dd099e24cd02205694ce4319fce40b4965ee7c6bdd8ab5f0bef0fd015baf92fbdc2dd45684b9cf:922c64590222798bb761d5b6d8e72950 |