Date: Tue, 01 Sep 2015 14:51:18 +0200
From: Nicolas Grégoire <nicolas.gregoire@...rri.fr>
To: oss-security@...ts.openwall.com
Subject: CSRF to RCE in Jenkins

Hello,

a CSRF to RCE exploit was published on Bugtraq last week. It affects Jenkins >= 1.626, including the latest public version. No CVE is affected (AFAIK) and an exploit should be added to the BeEF Project soon.

Original post to Bugtraq:
http://seclists.org/bugtraq/2015/Aug/161

BeEF devs working on an exploit for 1.627:
https://twitter.com/bmantra/status/638680685084037120

Cheers,
Nicolas