https://medium.com/@kerstan
Hello everyone, I’m Kerstan.
Today is Bug Bounty Tuesday, and I will share with you the Jenkins arbitrary file reading vulnerability.
So, let’s dive right in.
Jenkins ships with a built-in command-line interface (CLI) that can be reached from scripts or a command shell. When a CLI command runs, Jenkins uses the args4j library to parse the command's arguments and options on the Jenkins controller. In affected versions, a parser feature called expandAtFiles is enabled by default: an argument that begins with the @ character is treated as a file path, and the argument is replaced with the contents of that file. An attacker can abuse this behaviour to read arbitrary files from the Jenkins controller's file system, and in several scenarios it can be chained into remote code execution.
File reading through the command-line interface: because the CLI substitutes the contents of a file for any argument written as @ followed by a path, an attacker can potentially read any file on the Jenkins controller's file system.
Circumventing permissions: attackers holding the Overall/Read permission can read the full contents of files, while attackers without that permission can still recover parts of file contents.
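To make the expandAtFiles behaviour described above concrete, here is a small Python model of an args4j-style argument parser. This is an added example, not code from the post or from Jenkins/args4j: parse_cli_args and demo are hypothetical names, the sample file content is constructed, and the model assumes (as args4j does) that each line of the referenced file becomes one argument. The hardened variant simply leaves @ arguments unexpanded.

```python
import os
import tempfile


def parse_cli_args(argv, expand_at_files=True):
    """Model of an args4j-style parser (hypothetical, added for illustration).

    expand_at_files=True mirrors the vulnerable default: an argument that
    starts with '@' is replaced by the lines of the file whose path follows
    the '@'. expand_at_files=False is the hardened form: '@...' is kept as a
    plain literal argument and no file is ever opened.
    """
    expanded = []
    for arg in argv:
        if expand_at_files and arg.startswith("@"):
            path = arg[1:]
            with open(path, "r", encoding="utf-8") as fh:
                # Each line of the file becomes its own argument.
                expanded.extend(fh.read().splitlines())
        else:
            expanded.append(arg)
    return expanded


def demo():
    """Constructed scenario: a file on the controller is named via '@'."""
    with tempfile.NamedTemporaryFile("w", suffix=".txt", delete=False,
                                     encoding="utf-8") as fh:
        fh.write("line-one\nline-two\n")  # constructed sample content
        sample_path = fh.name
    try:
        argv = ["help", "@" + sample_path]
        vulnerable = parse_cli_args(argv, expand_at_files=True)
        hardened = parse_cli_args(argv, expand_at_files=False)
    finally:
        os.unlink(sample_path)
    # vulnerable -> ['help', 'line-one', 'line-two']; hardened keeps '@<path>'
    return vulnerable, hardened


if __name__ == "__main__":
    print(demo())
```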
Affected Versions:
Jenkins version 2.441 and earlier
Jenkins Long-Term Support (LTS) version 2.426.2 and earlier
Use Docker for environment setup: https://hub.docker.com/r/jenkins/jenkins/tags
docker pull jenkins/jenkins:2.440-jdk17
docker run --name jenkins -p 8090:8080 jenkins/jenkins:2.440-jdk17