# Jenkins
# A few links to dive deeper

Items 5 to 9 and 11 cover CVE-2024-23897, the CLI arbitrary file read in Jenkins 2.441 and earlier and LTS 2.426.2 and earlier that several of the write-ups chain to remote code execution; items 3 and 10 deal with CSRF (a plugin advisory with unpatched XSS/CSRF bugs, and how to turn CSRF protection on).

  1. https://hackerone.com/reports/768266

  2. https://hackerone.com/reports/182104

  3. https://portswigger.net/daily-swig/jenkins-security-unpatched-xss-csrf-bugs-included-in-latest-plugin-advisory

  4. https://logicbomb.medium.com/bugbounty-from-finding-jenkins-instance-to-command-execution-secure-your-jenkins-instance-9bd1e75c2288

  5. https://medium.com/@kerstan/jenkins-arbitrary-file-reading-vulnerability-cve-2024-23897-bug-bounty-tuesday-8e3a69443d9b

  6. https://nordicdefender.com/blog/critical-jenkins-vulnerability-cve-2024-23897

  7. https://medium.com/@Cyfirma_/jenkins-cve-2024-23897-vulnerability-analysis-and-exploitation-17b3adc6881a

  8. https://syedabeerahmed.medium.com/rce-jenkins-cve-2024-23897-6f56ac3ecf5d

  9. https://medium.com/@elniak/critical-jenkins-rce-vulnerability-cve-2024-23897-402061a2b187

  10. https://medium.com/@maheshwar.ramkrushna/enabling-csrf-protection-in-jenkins-step-by-step-guide-and-advantages-d8737d503889

  11. https://medium.com/@red_darkin/how-to-replicate-jenkins-cve-2024-23897-arbitrary-file-read-vulnerability-260c8174dd94

# 10 most common things to check

  1. Open Jenkins instances: the dashboard or /api/json answers without a login (anonymous Overall/Read or worse). Instances are easy to find through search engines and Shodan, and the X-Jenkins response header gives away the version.

  2. Weak authentication and authorization: default or shared admin passwords, the "Anyone can do anything" or "Logged-in users can do anything" authorization strategy, and user sign-up left enabled on Jenkins' own user database.

  3. Outdated Jenkins core or plugins: compare the X-Jenkins version and the installed plugin versions against the Jenkins security advisories. CVE-2024-23897 (arbitrary file read through the CLI) affects 2.441 and earlier and LTS 2.426.2 and earlier; it is fixed in 2.442 and LTS 2.426.3.

  4. Script security issues: the Groovy script console at /script reachable by low-privileged or anonymous users (Groovy there runs as the controller process, so this is code execution), pipeline sandbox bypasses, and overly broad script approvals.

  5. Insufficient plugin security: plugins with published advisories still installed, or unmaintained plugins that disable CSRF or sandbox protections for their own endpoints.

  6. Exposed credentials: secrets printed in console output, stored credentials readable (or decryptable through the script console) by users who should not see them, and API tokens in job URLs or logs.

  7. Jenkins file leaks: config.xml, credentials.xml, secrets/master.key and secrets/hudson.util.Secret, or build logs and workspace files reachable through the web UI, backups, or a file-read bug such as CVE-2024-23897.

  8. Cross-Site Request Forgery (CSRF): crumb-based protection disabled (/crumbIssuer/api/json returns 404), so a page in a logged-in user's browser can trigger builds or change configuration.

  9. Build process manipulation: anyone with Job/Configure rights, or write access to the repository holding the Jenkinsfile, can change build steps and run commands on agents or the controller; check who can configure jobs and whether builds run on the built-in node.

  10. Exposed Jenkins API: /api/json, /api/xml, /cli and the per-node /computer/*/api endpoints reachable without credentials, leaking job, user and agent details.

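The following audit script is an added example, not code from the original page or from the Jenkins project. It turns the checklist above into unauthenticated probes: anonymous read on /api/json, the core version from the X-Jenkins header compared against the CVE-2024-23897 fix versions (2.442 weekly, 2.426.3 LTS), the crumb issuer for CSRF protection, the Groovy script console, and the CLI endpoint. The probe paths and header name are Jenkins' own; the `Finding` structure, the `fetch` callable and the check names are this example's design. Redirects are deliberately not followed, because an instance that bounces anonymous users to /login would otherwise look like a 200.

```python
"""Unauthenticated Jenkins exposure checks (added example, not Jenkins project code)."""
import re
import sys
import urllib.error
import urllib.request
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

# First versions that ship the fix for CVE-2024-23897 (CLI arbitrary file read).
FIXED_WEEKLY = (2, 442)
FIXED_LTS = (2, 426, 3)

# A probe returns (status, headers, body); header keys are lower-cased.
Response = Tuple[int, Dict[str, str], str]
Fetch = Callable[[str], Response]


@dataclass
class Finding:
    check: str
    detail: str


def parse_version(header: str) -> Tuple[int, ...]:
    """'2.426.2' -> (2, 426, 2); '2.441' -> (2, 441); anything else -> ()."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?", header.strip())
    if not m:
        return ()
    return tuple(int(g) for g in m.groups() if g is not None)


def vulnerable_to_cve_2024_23897(version: Tuple[int, ...]) -> bool:
    """LTS versions carry three components, weekly releases two."""
    if len(version) == 3:
        return version < FIXED_LTS
    if len(version) == 2:
        return version < FIXED_WEEKLY
    return False


def audit(fetch: Fetch) -> List[Finding]:
    """Run the checks through the supplied transport and return what was found."""
    findings: List[Finding] = []

    status, headers, body = fetch("/api/json")
    # A real API answer is JSON; a login page or error page is not.
    if status == 200 and body.lstrip().startswith("{"):
        findings.append(Finding("open instance",
                                "/api/json answers without credentials (anonymous read enabled)"))
    version = parse_version(headers.get("x-jenkins", ""))
    if version and vulnerable_to_cve_2024_23897(version):
        findings.append(Finding("outdated core",
                                f"X-Jenkins {'.'.join(map(str, version))} predates the CVE-2024-23897 fix"))

    status, _, _ = fetch("/crumbIssuer/api/json")
    # 404 means no crumb issuer is configured; 403/302 only tells us anonymous cannot read it.
    if status == 404:
        findings.append(Finding("csrf protection off",
                                "/crumbIssuer/api/json returns 404; POST requests need no crumb"))

    status, _, _ = fetch("/script")
    if status == 200:
        findings.append(Finding("script console exposed",
                                "/script is reachable; Groovy there runs as the controller process"))

    status, _, _ = fetch("/cli")
    if status == 200:
        findings.append(Finding("cli endpoint exposed",
                                "/cli is reachable; this is the transport CVE-2024-23897 uses"))
    return findings


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Surface 3xx responses as HTTPError instead of following them to /login."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def http_fetch(base_url: str) -> Fetch:
    """Build a fetch() over urllib for a live controller, sending no credentials."""
    opener = urllib.request.build_opener(_NoRedirect)

    def fetch(path: str) -> Response:
        req = urllib.request.Request(base_url.rstrip("/") + path,
                                     headers={"User-Agent": "jenkins-audit-example"})
        try:
            with opener.open(req, timeout=10) as resp:
                hdrs = {k.lower(): v for k, v in resp.headers.items()}
                return resp.status, hdrs, resp.read().decode("utf-8", "replace")
        except urllib.error.HTTPError as e:
            return e.code, {k.lower(): v for k, v in e.headers.items()}, ""
    return fetch


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "http://localhost:8080"
    for f in audit(http_fetch(target)):
        print(f"[{f.check}] {f.detail}")
```

Run it as `python audit.py https://jenkins.example.com` against an instance you are authorized to test. Every check is a GET with no credentials, so a clean run does not prove the instance is safe for a logged-in user; it only shows what an outsider gets for free, which is the first question on the list above.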
Check YouTube for more.