This Metasploit module can run commands on the system using Jenkins users who has JOB creation and BUILD privileges. The vulnerability is exploited by a small script prepared in NodeJS. The sh parameter allows us to run commands. Sample script: node { sh "whoami" } In addition, ANONYMOUS users also have the authority to JOB create and BUILD by default. Therefore, all users without console authority can run commands on the system as root privilege. Continue reading...
