You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The exploit/multi/http/jenkins_script_console module fails to run against version 2.346.3 (pushed to docker hub on 2022-08-10) because the login process fails. I noticed this while testing #16750. I was able to confirm that it is working on Jenkins 2.60.3 (pushed to docker hub on 2018-07-17), so it was broken sometime during that 4 year period.
At least one issue is that the URI changed from j_acegi_security_check to j_spring_security_check. There could be additional changes.
Steps to reproduce
Pull down docker 2.346.3 from docker, run it like docker run -p 8080:8080 -p 50000:50000 jenkins/jenkins:2.346.3
Note the admin password (it looks like a hash)
Set the USERNAME to admin and the PASSWORD to that value
Run the module and see the login process fail
The text was updated successfully, but these errors were encountered:
The
exploit/multi/http/jenkins_script_console
module fails to run against version 2.346.3 (pushed to docker hub on 2022-08-10) because the login process fails. I noticed this while testing #16750. I was able to confirm that it is working on Jenkins 2.60.3 (pushed to docker hub on 2018-07-17), so it was broken sometime during that 4 year period.At least one issue is that the URI changed from
j_acegi_security_check
toj_spring_security_check
. There could be additional changes.Steps to reproduce
2.346.3
from docker, run it likedocker run -p 8080:8080 -p 50000:50000 jenkins/jenkins:2.346.3
The text was updated successfully, but these errors were encountered: