ioc[.]one - OSINT Cyber Threat Intelligence Database

Hacking Jenkins Part 1 - Play with Dynamic Routing

Tags

attack-pattern:

Model Credentials - T1589.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 Tool - T1588.002 Vulnerabilities - T1588.006

Show in Graph

Common Information

Type	Value
UUID	3836b96c-a5fc-445f-85ed-665f97931b1e
Fingerprint	d12151106c064705
Analysis status	DONE
Considered CTI value	2
Text language
Published	Jan. 16, 2019, midnight
Added to db	Jan. 18, 2023, 7:38 p.m.
Last updated	Nov. 16, 2024, 7:04 p.m.
Headline	Orange
Title	Hacking Jenkins Part 1 - Play with Dynamic Routing
Detected Hints/Tags/Attributes	55/1/19

Source URLs

	Redirection	Url
Details	Source	https://blog.orange.tw/2019/01/hacking-jenkins-part-1-play-with-dynamic-routing.html
Details	Source	http://blog.orange.tw/2019/01/hacking-jenkins-part-1-play-with-dynamic-routing.html

URL Provider

Details	Provider	Source level domain
Details	orange.tw	blog.orange.tw

Attributes

Details	Type	#Events	CTI	Value
Details	CVE	4		cve-2018-1999002
Details	CVE	7		cve-2018-1000600
Details	CVE	3		cve-2018-1999046
Details	CVE	13		cve-2018-1000861
Details	CVE	12		cve-2019-1003000
Details	CVE	4		cve-2019-1003001
Details	CVE	3		cve-2019-1003002
Details	CVE	4		cve-2018-6356
Details	Domain	3		jenkins.read
Details	File	26		lang.obj
Details	File	47		index.jsp
Details	File	12		jenkinsci.pl
Details	File	5		github.config
Details	IPv4	88		169.254.169.254
Details	Url	4		http://jenkin.local/adjuncts/whatever/class/classloader/resource/index.jsp/content
Details	Url	3		http://jenkins.local/securityrealm/user/admin/search/index?q=[keyword]
Details	Url	3		http://jenkins.local/securityrealm/user/admin/api/xml
Details	Url	3		http://jenkins.local/securityrealm/user/admin/descriptorbyname/org.jenkinsci.plugins.github.config.githubtokencredentialscreator/createtokenbypassword
Details	Url	3		http://169.254.169.254/#