Jenkins & Public-Facing Servers
In this lesson we will explore how misconfigured Jenkins instances and forgotten public-facing servers can lead to vulnerabilities.
Jenkins
If we use Jenkins, we need to keep it patched, as we discussed back in Chapter 1: Patching.
But Jenkins has a common misconfiguration that merits special mention. Jenkins instances are often started with insecure settings that allow unauthenticated execution of commands in a scripting language called Groovy. Groovy scripts can execute arbitrary shell commands. So a common attack is to scan the network for misconfigured Jenkins servers, use the Groovy Scripting Console to dump ...
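One way to close this gap, as an added example that is not part of the lesson: a startup script placed in Jenkins' init.groovy.d directory that turns on the built-in user database and requires login before anything, including the script console, can be reached. It assumes the built-in user database is acceptable for the deployment and that the admin password is supplied in a JENKINS_ADMIN_PASSWORD environment variable; both are assumptions of this example, not something the lesson specifies.

```groovy
// Added hardening example (not from this course). Drop this file into
// $JENKINS_HOME/init.groovy.d/ and Jenkins runs it at startup, replacing the
// "anyone can do anything" state that leaves the Groovy script console open
// to unauthenticated users.
import jenkins.model.Jenkins
import hudson.security.HudsonPrivateSecurityRealm
import hudson.security.FullControlOnceLoggedInAuthorizationStrategy

def jenkins = Jenkins.get()

// The admin password comes from the environment, never from this file.
// An exception thrown here would not stop Jenkins from starting, so on a
// missing password we log and leave the existing configuration untouched
// rather than locking everyone out with an empty user database.
def adminPassword = System.getenv("JENKINS_ADMIN_PASSWORD")
if (adminPassword == null || adminPassword.isEmpty()) {
    println("init.groovy.d: JENKINS_ADMIN_PASSWORD not set; security not reconfigured")
    return
}

// Built-in user database with self-signup disabled, so only accounts
// created by an administrator can log in.
def realm = new HudsonPrivateSecurityRealm(false)
realm.createAccount("admin", adminPassword)
jenkins.setSecurityRealm(realm)

// Authenticated users only; anonymous users may not even read. With this
// strategy the /script console requires a login before it is served.
def strategy = new FullControlOnceLoggedInAuthorizationStrategy()
strategy.setAllowAnonymousRead(false)
jenkins.setAuthorizationStrategy(strategy)

jenkins.save()
println("init.groovy.d: security realm and authorization strategy configured")
```

After startup, confirm the change by requesting the script console path while logged out; it should redirect to the login page instead of rendering the console.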