Hello Everyone,
Many months back, when I was testing on HackerOne, I came across a Jenkins instance.
So first and foremost I did a directory bruteforce and found an interesting thing on the Jenkins instance. I reported it, and it got closed as informational as it was a VDP (I was a noob back then).
I came across some more programs with Jenkins instances, and the same error also appeared there.
So I searched for more instances and it was working on all of them.
What was the issue?
Let's say target.com is a Jenkins instance, so if we hit http://target.com/assets/
it throws a stack error giving us instance information.
REPORTED
I reported this to Jenkins https://www.jenkins.io/security/ and after some days I received a mail.
I was so glad that I was going to get a CVE in my pocket.
BUT unfortunately

So I guess I wasn't getting any CVE.
So if anyone wants any information about an instance or its plugins, feel free to use the above method if it is not fixed.
Here's the Jira issue: https://issues.jenkins-ci.org/browse/JENKINS-58736
Still, I got ranked #1 on this: https://hackerone.com/xhunt3r