Date: Tue, 01 Sep 2015 14:51:18 +0200 From: Nicolas Grégoire <nicolas.gregoire@...rri.fr> To: oss-security@...ts.openwall.com Subject: CSRF to RCE in Jenkins Hello, a CSRF to RCE exploit was published on Bugtraq last week. It affects Jenkins >= 1.626, including the latest public version. No CVE is affected (AFAIK) and an exploit should be added to the BeEF Project soon. Original post to Bugtraq: http://seclists.org/bugtraq/2015/Aug/161 BeEf devs working on an exploit for 1.627: https://twitter.com/bmantra/status/638680685084037120 Cheers, Nicolas Download attachment "signature.asc" of type "application/pgp-signature" (491 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ