possible new 0 day for jenkins


urbanczykd

Sep 5, 2018, 7:33:29 AM
to Jenkins Users
Looks like yesterday we've been hacked, quite similar as but reported a year ago; our Jenkins server turns again to zombie and starts mining Monero, check attachment.
We run Jenkins ver. 2.126 
Screen Shot 2018-09-04 at 11.53.29.png

Daniel Beck

Sep 5, 2018, 7:40:21 AM
to Jenkins Users


> On 5. Sep 2018, at 11:15, urbanczykd <urban...@gmail.com> wrote:
>
> Looks like yesterday we've been hacked, quite similar as but reported a year ago; our Jenkins server turns again to zombie and starts mining Monero, check attachment.

Per your screenshot, you have anonymous administrator access enabled, so anyone knowing the URL to your Jenkins can configure it to do whatever they want. This hasn't been the default for well over two years now, partly in response to https://jenkins.io/security/advisory/2015-10-01/

So you just need to actually set up security in Jenkins so that anonymous users cannot configure it.
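
The anonymous-administrator condition described in the reply above can be checked offline from the controller's global `config.xml`. The following Python audit is an added example, not part of the original thread and not Jenkins project code; the function name, the sample documents and the user `alice` are constructed, and treating a missing `authorizationStrategy` element as unrestricted is an assumption.

```python
import re
import xml.etree.ElementTree as ET

ADMINISTER = "hudson.model.Hudson.Administer"

def audit_config(xml_text):
    """Return findings about anonymous access in a Jenkins global config.xml."""
    # Jenkins may write an XML 1.1 declaration, which Python's expat parser rejects.
    xml_text = re.sub(r"^\s*<\?xml.*?\?>", "", xml_text, count=1)
    root = ET.fromstring(xml_text)
    if (root.findtext("useSecurity") or "").strip().lower() != "true":
        return ["security disabled: every visitor has full control"]
    strategy = root.find("authorizationStrategy")
    cls = strategy.get("class", "") if strategy is not None else ""
    if strategy is None or cls.endswith("$Unsecured"):  # assumption: missing == unsecured
        return ["authorization is 'Anyone can do anything'"]
    findings = []
    for node in strategy.iter("permission"):
        entry = (node.text or "").strip()
        # Matrix entries are PERMISSION:SID; newer plugin versions prefix USER: or GROUP:
        for prefix in ("USER:", "GROUP:"):
            if entry.startswith(prefix):
                entry = entry[len(prefix):]
        perm, _, sid = entry.partition(":")
        if sid != "anonymous":
            continue
        if perm == ADMINISTER:
            findings.append("anonymous holds Overall/Administer")
        elif not perm.endswith(".Read"):
            findings.append("anonymous holds non-read permission " + perm)
    return findings

# Constructed sample documents (not taken from the poster's server).
OPEN = "<hudson><useSecurity>false</useSecurity></hudson>"
MATRIX_BAD = """<?xml version='1.1' encoding='UTF-8'?>
<hudson>
  <useSecurity>true</useSecurity>
  <authorizationStrategy class="hudson.security.GlobalMatrixAuthorizationStrategy">
    <permission>hudson.model.Hudson.Administer:anonymous</permission>
    <permission>hudson.model.Hudson.Read:anonymous</permission>
  </authorizationStrategy>
</hudson>"""
HARDENED = MATRIX_BAD.replace("Administer:anonymous", "Administer:alice")

if __name__ == "__main__":
    for name, sample in (("open", OPEN), ("matrix", MATRIX_BAD), ("hardened", HARDENED)):
        print(name, audit_config(sample))
```

An empty list means no anonymous grant beyond read access was found in the file; it does not cover per-job or per-folder permissions stored elsewhere.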

Dariusz Urbańczyk

Sep 5, 2018, 8:30:48 AM
to jenkins...@googlegroups.com
Yeah, found it with our devops. Sorry, my bad, it was this issue. Thanks.
