Wednesday, February 27, 2019

Jenkins - SECURITY-180/CVE-2015-1814 PoC


Forced API token change

SECURITY-180/CVE-2015-1814


Affected Versions

  • All Jenkins releases <= 1.605
  • All LTS releases <= 1.596.1

PoC
Tested against Jenkins 1.605


Burp output

Validate new token works



CG

No comments: