Date: Tue, 01 Sep 2015 14:51:18 +0200
From: Nicolas Grégoire <nicolas.gregoire@...rri.fr>
To: oss-security@...ts.openwall.com
Subject: CSRF to RCE in Jenkins

Hello,

a CSRF to RCE exploit was published on Bugtraq last week. It affects
Jenkins >= 1.626, including the latest public version. No CVE is
affected (AFAIK) and an exploit should be added to the BeEF Project
soon.

Original post to Bugtraq:
http://seclists.org/bugtraq/2015/Aug/161

BeEF devs working on an exploit for 1.627:
https://twitter.com/bmantra/status/638680685084037120

Cheers,
Nicolas
