Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Jenkins Script Console Login Broken #16945

Closed
smcintyre-r7 opened this issue Aug 25, 2022 · 0 comments · Fixed by #17013
Closed

Jenkins Script Console Login Broken #16945

smcintyre-r7 opened this issue Aug 25, 2022 · 0 comments · Fixed by #17013
Assignees
@smcintyre-r7
Labels
bug

Comments

@smcintyre-r7
Copy link
Contributor

The exploit/multi/http/jenkins_script_console module fails to run against version 2.346.3 (pushed to docker hub on 2022-08-10) because the login process fails. I noticed this while testing #16750. I was able to confirm that it is working on Jenkins 2.60.3 (pushed to docker hub on 2018-07-17), so it was broken sometime during that 4 year period.

At least one issue is that the URI changed from j_acegi_security_check to j_spring_security_check. There could be additional changes.

Steps to reproduce

  1. Pull down docker 2.346.3 from docker, run it like docker run -p 8080:8080 -p 50000:50000 jenkins/jenkins:2.346.3
  2. Note the admin password (it looks like a hash)
  3. Set the USERNAME to admin and the PASSWORD to that value
  4. Run the module and see the login process fail
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@smcintyre-r7 smcintyre-r7

Labels
bug
Projects
Metasploit Kanban
Archived in project
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix Jenkins Login For Newer Versions zeroSteiner/metasploit-framework
1 participant
@smcintyre-r7