RCE/LFI on test Jenkins instance due to improper authentication flow
Medium
Snapchat
Team Summary
Official summary from Snapchat
@nahamsec found a test Jenkins instance where they could log in with any valid Google account. Once logged in, they gained the ability to execute arbitrary code via the Jenkins Script Console. This was a test Jenkins instance with no access to source code or resources.
Reported by: nahamsec
Report Details
Additional information and metadata
State: Closed
Substate: Resolved
Weakness: Improper Access Control - Generic