Devuan bug report logs - #566
Sensitive Information Disclosure

version graph

Packages: jenkins, server; Maintainer for jenkins is (unknown); Maintainer for server is (unknown);

Reported by: Nitish Singh <>

Date: Thu, 11 Mar 2021 03:03:01 UTC

Severity: normal

Found in version 2.194

Reply or subscribe to this bug.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to,
bug#566; Package jenkins server. (Thu, 11 Mar 2021 03:03:02 GMT) (full text, mbox, link).

Acknowledgement sent to Nitish Singh <>:
New bug report received and forwarded. Copy sent to

Your message specified a Severity: in the pseudo-header, but the severity value high was not recognised. The default severity normal is being used instead. The recognised values are: critical, grave, normal, minor, wishlist.

(Thu, 11 Mar 2021 03:03:15 GMT) (full text, mbox, link).

Message #5 received at (full text, mbox, reply):

From: Nitish Singh <>
Subject: Sensitive Information Disclosure
Date: Thu, 11 Mar 2021 08:22:55 +0530
[Message part 1 (text/plain, inline)]
Version: 2.194
Severity: HIGH

I found a Jenkins server running on the public internet which is easy to
access and get sensitive information.

Steps To Reproduce
1. Visit the link  there is options to sign up.
2. You will get access to all the projects to check the files and check
their users.
3. If a hacker gets access to the .git file he uses and does something
against your organisation.

POC video is attached to this email.
[Message part 2 (text/html, inline)]
[POC_devuan.mp4 (video/mp4, attachment)]

Send a report that this bug log contains spam.

Devuan BTS -- Powered by Debian bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.

Devuan Bugs Owner <>.
Last modified: Sun May 9 07:59:50 2021;