Jenkins & Public-Facing Servers
In this lesson we will explore how misconfigured Jenkins instances and forgotten public-facing servers can lead to vulnerabilities.
Jenkins
If we use Jenkins, we need to keep it patched, as we discussed back in Chapter 1: Patching.
But Jenkins has a common misconfiguration that merits special mention. Jenkins instances are often started with insecure settings that allow for unauthenticated execution of commands in a scripting language called Groovy. Groovy scripts can execute arbitrary shell commands. So a common attack is to scan the network for misconfigured Jenkins servers, use the Groovy Scripting Console to dump ...
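As an added illustration (not part of the lesson), the misconfiguration above expressed in Jenkins Configuration as Code form, next to the hardened equivalent. It assumes the JCasC plugin is installed, and the account name and `${ADMIN_PASSWORD}` reference are constructed placeholders.

```yaml
# Two separate JCasC documents. Deploy only the second; the first exists
# to show what the insecure default looks like when written down.
---
# WEAK: no security realm and an "unsecured" authorization strategy mean
# every request is treated as a fully privileged user. Anyone who can
# reach the controller over the network can open the Script Console
# (Manage Jenkins > Script Console) and run Groovy, which in turn runs
# arbitrary shell commands as the Jenkins process.
jenkins:
  authorizationStrategy: unsecured
---
# HARDENED: require a login against Jenkins' own user database, disable
# self-registration, and deny anonymous users even read access so the
# Script Console (which needs Overall/Administer) is unreachable
# without credentials.
jenkins:
  securityRealm:
    local:
      allowsSignup: false            # no anonymous account creation
      users:
        - id: "admin"                # constructed placeholder account
          password: "${ADMIN_PASSWORD}"   # injected via JCasC secret source
  authorizationStrategy:
    loggedInUsersCanDoAnything:
      allowAnonymousRead: false      # unauthenticated requests get a login page
  disableRememberMe: true            # no long-lived browser sessions
```

For anything beyond a single-admin setup, replace `loggedInUsersCanDoAnything` with a matrix-based strategy so only named administrators hold Overall/Administer, which is the permission the Script Console checks.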