Bug #46207

closed

Extremely vulnerable Jenkins server on your infrastructure

Added by root trader almost 4 years ago. Updated almost 4 years ago.

Status: Rejected
Priority: Normal
% Done: 0%
Source:
Tags:
Backport:
Regression: No
Severity: 1 - critical
Reviewed:
Affected Versions:
ceph-qa-suite:
Crash signature (v1):
Crash signature (v2):

Description

Hello,
While searching for unsecured servers I have found one which belongs to your organization.
URL:  https://158.69.65.239/
I am able to see all the logs without any authentication. Being in data storage, network, file system, providing software development services, security services, e-commerce services, this issue is very severe. I hope you take your security very seriously. Also, I am able to see your builds, build logs, console output, and source code logs on your Jenkins server. I hope you will patch the server soon and award me a good bounty for this responsible disclosure.

Many Thanks,
Roottrader


Files

CEPH.png (161 KB), root trader, 06/25/2020 02:32 PM
Ceph-1.png (414 KB), root trader, 06/25/2020 02:32 PM
Actions #1

Updated by Nathan Cutler almost 4 years ago

  • Project changed from Ceph to Infrastructure
  • Category deleted (build)
  • Assignee set to David Galloway
Actions #2

Updated by David Galloway almost 4 years ago

  • Status changed from New to Rejected