Devuan bug report logs - #566
Sensitive Information Disclosure


Packages: jenkins, server; Maintainer for jenkins is (unknown); Maintainer for server is (unknown);

Reported by: Nitish Singh <nitishsingh78697@gmail.com>

Date: Thu, 11 Mar 2021 03:03:01 UTC

Severity: normal

Found in version 2.194

Done: Mark Hindley <mark@hindley.org.uk>




MIME-Version: 1.0
X-Mailer: MIME-tools 5.509 (Entity 5.509)
X-Loop: owner@bugs.devuan.org
From: owner@bugs.devuan.org (Devuan Bug Tracking System)
Subject: Bug#566 closed by Mark Hindley <mark@hindley.org.uk> (closing 566)
Message-ID: <handler.566.c.167458383321976.notifdone@bugs.devuan.org>
References: <1674583810-572-bts-mark@hindley.org.uk>
X-Devuan-PR-Message: they-closed 566
X-Devuan-PR-Package: jenkins server
Date: Tue, 24 Jan 2023 18:12:01 +0000
Content-Type: multipart/mixed; boundary="----------=_1674583921-21998-0"
[Message part 1 (text/plain, inline)]
This is an automatic notification regarding your bug report
which was filed against the jenkins server package:

#566: Sensitive Information Disclosure

It has been closed by Mark Hindley <mark@hindley.org.uk>.

Their explanation is attached below along with your original report.
If this explanation is unsatisfactory and you have not received a
better one in a separate message then please contact Mark Hindley <mark@hindley.org.uk> by
replying to this email.


-- 
Devuan Bug Tracking System
Contact owner@bugs.devuan.org with problems
[Message part 2 (message/rfc822, inline)]
From: Mark Hindley <mark@hindley.org.uk>
To: control@bugs.devuan.org
Subject: closing 566
Date: Tue, 24 Jan 2023 18:10:21 +0000
close 566 
thanks

[Message part 3 (message/rfc822, inline)]
From: Nitish Singh <nitishsingh78697@gmail.com>
To: submit@bugs.devuan.org
Subject: Sensitive Information Disclosure
Date: Thu, 11 Mar 2021 08:22:55 +0530
[Message part 4 (text/plain, inline)]
Package: JENKINS SERVER
Version: 2.194
Severity: HIGH


Summary
I found a Jenkins server running on the public internet which is easy to
access and get sensitive information from.

Steps To Reproduce
1. Visit the link https://46.105.191.79/; there are options to sign up.
2. You will get access to all the projects to check the files and check
their users.
3. If a hacker gets access to the .git file, he can use it and do something
against your organisation.

POC video is attached to this email.
[Message part 5 (text/html, inline)]
[POC_devuan.mp4 (video/mp4, attachment)]




Devuan Bugs Owner <owner@bugs.devuan.org>.
Last modified: Sat May 4 09:37:49 2024;