Neurohazard

[Host Vulnerability] Jenkins JDK / Ant Tools Job Configuration Stored XSS Vulnerability (SECURITY-624) (deprecated)

wpadmin, July 23, 2018, InfoSec


Vulnerability details

The Nessus plugin for this vulnerability has been deprecated by Nessus; the page has to be viewed through Google's cached copy.
https://www.tenable.com/plugins/nessus/105293

Jenkins Security Advisory 2017-12-05
https://jenkins.io/security/advisory/2017-12-05/

Workaround / mitigation
https://github.com/jenkinsci-cert/security624

Vulnerability notes

This is a stored XSS that only a Jenkins administrator can exploit, and the users affected by the XSS are likewise other Jenkins administrator users.
Overall, there is little practical need to remediate it.
The precondition is that the attacker has already obtained Jenkins administrator privileges … and the final outcome of exploitation is still just an XSS.
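To make the class of defect concrete for anyone triaging this finding, here is an added Python sketch; it is not Jenkins code and is not taken from the linked advisory or workaround repository. It audits a constructed tool-installation list for names containing HTML metacharacters (the kind of value only an administrator can set), and contrasts rendering such a name into a configuration form's `<option>` element without and with output escaping. The XML layout (`<jdks><jdk><name>`), the `<option>` markup and all names are assumptions made for this illustration.

```python
import html
from html.parser import HTMLParser
import xml.etree.ElementTree as ET

# Constructed sample shaped like a Jenkins tool-installation list.
# Assumption for illustration only: JDK installations are listed as
# <jdks><jdk><name>...</name></jdk></jdks>; two names carry HTML markup.
SAMPLE_CONFIG_XML = """<hudson>
  <jdks>
    <jdk><name>jdk8</name><home>/opt/jdk8</home></jdk>
    <jdk><name>jdk11&lt;script&gt;alert(1)&lt;/script&gt;</name><home>/opt/jdk11</home></jdk>
    <jdk><name>jdk17&quot;&gt;&lt;b&gt;x&lt;/b&gt;</name><home>/opt/jdk17</home></jdk>
  </jdks>
</hudson>
"""

# Characters that must never reach an HTML context unencoded.
HTML_METACHARS = '<>"\'&'


def tool_names(config_xml: str) -> list[str]:
    """Extract every <name> value from the tool-installation XML."""
    root = ET.fromstring(config_xml)
    return [node.text or "" for node in root.iter("name")]


def suspicious_tool_names(config_xml: str) -> list[str]:
    """Audit check: tool names that contain HTML metacharacters."""
    return [n for n in tool_names(config_xml) if any(c in n for c in HTML_METACHARS)]


def render_option_unescaped(name: str) -> str:
    """The defective pattern: the stored name is interpolated verbatim."""
    return f'<option value="{name}">{name}</option>'


def render_option_escaped(name: str) -> str:
    """The corrected pattern: HTML-encode the name for both attribute and text."""
    safe = html.escape(name, quote=True)
    return f'<option value="{safe}">{safe}</option>'


class _StartTagCollector(HTMLParser):
    """Records every start tag the browser-side parser would see."""

    def __init__(self) -> None:
        super().__init__()
        self.tags: list[str] = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def start_tags(fragment: str) -> list[str]:
    """Tokenise a rendered fragment; a safe <option> yields exactly one tag."""
    parser = _StartTagCollector()
    parser.feed(fragment)
    parser.close()
    return parser.tags


if __name__ == "__main__":
    for name in suspicious_tool_names(SAMPLE_CONFIG_XML):
        print("suspicious name:", repr(name))
        print("  unescaped ->", start_tags(render_option_unescaped(name)))
        print("  escaped   ->", start_tags(render_option_escaped(name)))
```

The audit function is the part a defender would actually run: if every stored tool name is free of HTML metacharacters, the defective rendering cannot be triggered regardless of whether the instance has been upgraded. The two render functions show why the advisory's fix is output encoding rather than input filtering: the escaped form yields a single `option` tag for any input, while the unescaped form lets the stored name introduce additional elements.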
