Bug #46207 (closed)
Extremely vulnerable Jenkins server on your infrastructure
% Done: 0%
Regression: No
Severity: 1 - critical
Description
Hello,
While searching for unsecured servers I have found one which belongs to your organization.
URL: https://158.69.65.239/
I am able to see all the logs without any authentication. Being in data storage, network, file system, provide software development services, security services, e-commerce services this issue is very severe. I hope you take your security very seriously. Also, I am able to see your builds, build logs, console output, source code logs on your Jenkins server. I hope you will patch the server soon and award me a good bounty for this responsible disclosure.
Many Thanks,
Roottrader
Updated by Nathan Cutler almost 4 years ago
- Project changed from Ceph to Infrastructure
- Category deleted (build)
- Assignee set to David Galloway
Updated by David Galloway almost 4 years ago
- Status changed from New to Rejected