Open prod Jenkins instance
High
Snapchat
Team Summary
Official summary from Snapchat
@preben_ve found a Jenkins instance where they could log in with any valid Google account. Once logged in, they gained access to sensitive API tokens. The access also included some source code disclosure for public apps and the ability to execute arbitrary code via the Jenkins Script Console.
Reported by: preben
Report Details
Additional information and metadata
State: Closed
Substate: Resolved
Bounty: $15000.00
Submitted
Weakness: Information Disclosure