Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-21417

Jenkins Debian package allows remote code execution out of the box

XMLWordPrintable

      When you apt-get install jenkins from the upstream repo, it starts listening on all interfaces with no security configured right from the post-inst script, which allows remote code execution if somebody accesses it before the admin can configure some security.

      The version of Jenkins packages in Ubuntu ships a config file that binds to localhost-only by default, mitigating this issue.

          [JENKINS-21417] Jenkins Debian package allows remote code execution out of the box

          There are no comments yet on this issue.

            Unassigned Unassigned
            mgedmin Marius Gedminas
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated: