Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2018-1000600 PoC — CloudBees Jenkins GitHub Plugin 信息泄露漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2018/CVE-2018-1000600.yaml
Associated Vulnerability
Title:CloudBees Jenkins GitHub Plugin 信息泄露漏洞 (CVE-2018-1000600)
Description:CloudBees Jenkins是美国CloudBees公司的一套基于Java开发的持续集成工具,它主要用于监控持续的软件版本发布/测试项目和一些定时执行的任务。GitHub Plugin是使用在其中的一个用于创建GitHub和Jenkins的连接的插件。 CloudBees Jenkins GitHub Plugin 1.29.1及之前版本中的GitHubTokenCredentialsCreator.java文件存在信息泄露漏洞,该漏洞源于程序没有检测访问权限。攻击者可利用该漏洞捕获储存在Jenki
Description
Jenkins GitHub Plugin 1.29.1 and earlier is susceptible to server-side request forgery via GitHubTokenCredentialsCreator.java, which allows attackers to leverage attacker-specified credentials IDs obtained through another method and capture the credentials stored in Jenkins.
File Snapshot

 id: CVE-2018-1000600

info:
  name: Jenkins GitHub Plugin <=1.29.1 - Server-Side Request Forgery
  a

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.