unauthenticated-jenkins: Jenkins Dashboard - Unauthenticated Access

漏洞描述

PoC代码[已公开]

id: unauthenticated-jenkins

info:
  name: Jenkins Dashboard - Unauthenticated Access
  author: dhiyaneshDK
  severity: high
  description: Jenkins Dashboard is exposed to external users.
  metadata:
    max-request: 2
  tags: jenkins,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}"
      - "{{BaseURL}}/jenkins/"

    stop-at-first-match: true
    matchers-condition: and
    matchers:
      - type: word
        words:
          - Dashboard [Jenkins]

      - type: status
        status:
          - 200
# digest: 4a0a004730450220427dd502a6559f6885f96f86072aeefc3456e436ec7d0af9e0bc830da883476202210095763b8d4a812b87c468e85dabcf59abff1694d87270c53309c29edb793ca9e9:922c64590222798bb761d5b6d8e72950

相关漏洞推荐

• （CVE-2025-59474）Jenkins侧边栏权限绕过漏洞
• jenkins-unauthorized-rce: Jenkins unauthorized rce
• POC CVE-2017-1000353: Jenkins CLI - Java Deserialization
• POC CVE-2016-9299: Jenkins CLI - HTTP Java Deserialization
• POC CVE-2018-1000600: Jenkins GitHub Plugin <=1.29.1 - Server-Side Request Forgery
• POC CVE-2018-1000861: Jenkins - Remote Command Injection
• POC CVE-2019-1003000: Jenkins Script Security Plugin <=1.49 - Sandbox Bypass
• POC CVE-2019-10405: Jenkins <=2.196 - Cookie Exposure
• POC CVE-2019-10475: Jenkins build-metrics 1.3 - Cross-Site Scripting
• POC CVE-2020-2096: Jenkins Gitlab Hook <=1.4.2 - Cross-Site Scripting
• POC CVE-2020-2103: Jenkins <=2.218 - Information Disclosure
• POC CVE-2022-36883: Jenkins Git <=4.11.3 - Missing Authorization
• POC CVE-2024-23897: Jenkins < 2.441 - Arbitrary File Read