Jenkins CI server at Risk: High risk vulnerability (August 10, 2018)

Jenkins is an open source build automation server written in Java and one of the most widely used tools for Continuous Integration (CI) and Continuous Delivery (CD). It offers hundreds of plugins covering build, test automation and deployment, runs in a servlet container (its own embedded container or one such as Apache Tomcat), and supports version control systems including Subversion, Git, CVS and Perforce.

A serious authorization bypass vulnerability has been reported in the Jenkins CI server (CVE-2018-1999001). It stems from insufficient validation of login requests: an unauthenticated remote attacker can send a login request with crafted credentials that cause Jenkins to move config.xml out of the Jenkins home directory. That file holds the instance's basic configuration, including the selected security realm and authorization strategy. The next time the instance is restarted without it, Jenkins reverts to its legacy defaults, which grant administrator access to anonymous users. The issue was fixed in Jenkins 2.133 and LTS 2.121.2 (Jenkins security advisory of July 18, 2018); instances that cannot be upgraded immediately should confirm that config.xml is still present and still defines a security realm and a non-legacy authorization strategy.
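The post-exploitation state described above (config.xml gone, Jenkins falling back to anonymous admin on restart) is easy to check for on the host. The following script is an added example written for this page, not Jenkins project code or the advisory's own guidance. It assumes the standard JENKINS_HOME layout with config.xml at its root, treats two-component version numbers as weekly releases and three-component ones as LTS, and uses the fixed releases 2.133 and 2.121.2 as the comparison points; the config.xml samples are constructed for the demonstration and written to a temporary directory.

```shell
#!/bin/sh
# Added check for the CVE-2018-1999001 failure mode; not Jenkins project code.
# Assumptions (not from the advisory text): config.xml lives at $JENKINS_HOME/config.xml,
# 2-component versions are weeklies (fixed: 2.133), 3-component are LTS (fixed: 2.121.2).

# jenkins_has_fix VERSION -> exit 0 if VERSION is at or past the fixed release.
jenkins_has_fix() {
  printf '%s\n' "$1" | awk -F. '
    NF == 2 { exit !($1 > 2 || ($1 == 2 && $2 >= 133)) }
    NF == 3 { exit !($1 > 2 || ($1 == 2 && ($2 > 121 || ($2 == 121 && $3 >= 2)))) }
    { exit 1 }'
}

# jenkins_security_posture JENKINS_HOME -> prints MISSING | UNSECURED | SECURED.
# MISSING is exactly the state the advisory describes: on the next restart Jenkins
# falls back to legacy defaults and anonymous users become administrators.
jenkins_security_posture() {
  cfg="$1/config.xml"
  if [ ! -f "$cfg" ]; then
    echo MISSING
    return 1
  fi
  if ! grep -q '<useSecurity>true</useSecurity>' "$cfg" \
     || grep -qF 'hudson.security.AuthorizationStrategy$Unsecured' "$cfg" \
     || grep -qF 'hudson.security.SecurityRealm$None' "$cfg"; then
    echo UNSECURED
    return 1
  fi
  echo SECURED
}

# jenkins_config_version JENKINS_HOME -> the <version> recorded in config.xml.
# This is the version that last saved the file; the running version (for example the
# X-Jenkins response header) is authoritative when the two differ.
jenkins_config_version() {
  sed -n 's:.*<version>\([^<]*\)</version>.*:\1:p' "$1/config.xml" 2>/dev/null | head -n 1
}

# --- constructed sample instances (not real JENKINS_HOME directories) ---
SAMPLE_ROOT=$(mktemp -d)
trap 'rm -rf "$SAMPLE_ROOT"' EXIT
mkdir -p "$SAMPLE_ROOT/secured" "$SAMPLE_ROOT/unsecured" "$SAMPLE_ROOT/missing"

cat >"$SAMPLE_ROOT/secured/config.xml" <<'EOF'
<?xml version='1.1' encoding='UTF-8'?>
<hudson>
  <version>2.121.2</version>
  <useSecurity>true</useSecurity>
  <authorizationStrategy class="hudson.security.FullControlOnceLoggedInAuthorizationStrategy">
    <denyAnonymousReadAccess>true</denyAnonymousReadAccess>
  </authorizationStrategy>
  <securityRealm class="hudson.security.HudsonPrivateSecurityRealm">
    <disableSignup>true</disableSignup>
  </securityRealm>
</hudson>
EOF

cat >"$SAMPLE_ROOT/unsecured/config.xml" <<'EOF'
<?xml version='1.1' encoding='UTF-8'?>
<hudson>
  <version>2.121.1</version>
  <useSecurity>false</useSecurity>
  <authorizationStrategy class="hudson.security.AuthorizationStrategy$Unsecured"/>
  <securityRealm class="hudson.security.SecurityRealm$None"/>
</hudson>
EOF

# report JENKINS_HOME -> one line: posture, recorded version, and whether that
# version already carries the fix.
report() {
  dir="$1"
  posture=$(jenkins_security_posture "$dir") || :
  ver=$(jenkins_config_version "$dir")
  if [ -n "$ver" ] && jenkins_has_fix "$ver"; then fix=patched; else fix=upgrade-or-verify; fi
  printf '%-50s %-10s version=%s (%s)\n' "$dir" "$posture" "${ver:-none}" "$fix"
}

for d in secured unsecured missing; do report "$SAMPLE_ROOT/$d"; done
```

Run it with the real JENKINS_HOME in place of the sample directories; a MISSING or UNSECURED result on a host that was supposed to be locked down is a reason to treat the instance as compromised rather than simply restore the file, since the same request could have been used to stage further changes before the restart.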
