Snapchat: RCE/LFI on test Jenkins instance due to improper authentication flow

2017-08-08T23:03:29
ID H1:258117
Type hackerone
Reporter nahamsec
Modified 2017-08-19T00:06:13

Description

@nahamsec found a test Jenkins instance where they could log in with any valid Google account.

Once logged in, they gained the ability to execute arbitrary code via the Jenkins Script Console. This was a test Jenkins instance with no access to source code or resources.
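A defensive check for this class of misconfiguration, as an added example that is not part of the original report: it audits a Jenkins `config.xml` for authorization settings that give every signed-in user Overall/Administer, the permission the Script Console requires. The report does not say how the instance was configured; the Google Login plugin realm class, its `<domain>` element and both sample configs are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Overall/Administer is the permission the Script Console requires.
ADMINISTER = "hudson.model.Hudson.Administer"
# Built-in strategies that hand full control to every signed-in user (or to everyone).
FULL_CONTROL = {
    "hudson.security.FullControlOnceLoggedInAuthorizationStrategy",
    "hudson.security.AuthorizationStrategy$Unsecured",
}
BROAD_SIDS = {"authenticated", "anonymous"}

def audit_config(xml_text):
    """Return findings for the text of a Jenkins config.xml."""
    # Jenkins may write an XML 1.1 declaration, which expat rejects; drop it.
    root = ET.fromstring(re.sub(r"^\s*<\?xml[^>]*\?>", "", xml_text))
    findings = []
    authz = root.find("authorizationStrategy")
    if authz is not None and authz.get("class") in FULL_CONTROL:
        findings.append("every signed-in user has Overall/Administer")
    elif authz is not None:
        for perm in authz.iter("permission"):
            # Matrix entries read "Permission:sid" or "TYPE:Permission:sid".
            parts = (perm.text or "").strip().split(":")
            if len(parts) >= 2 and parts[-2] == ADMINISTER and parts[-1] in BROAD_SIDS:
                findings.append(f"Overall/Administer granted to '{parts[-1]}'")
    realm = root.find("securityRealm")
    # Assumption: the Google Login plugin realm and its <domain> restriction.
    if realm is not None and "googlelogin" in realm.get("class", "").lower():
        if not (realm.findtext("domain") or "").strip():
            findings.append("Google sign-in not restricted to a hosted domain")
    return findings

# Constructed sample configs (not taken from the report).
WEAK = """<?xml version='1.1' encoding='UTF-8'?>
<hudson>
  <authorizationStrategy class="hudson.security.FullControlOnceLoggedInAuthorizationStrategy"/>
  <securityRealm class="org.jenkinsci.plugins.googlelogin.GoogleOAuth2SecurityRealm"/>
</hudson>"""
HARDENED = """<hudson>
  <authorizationStrategy class="hudson.security.GlobalMatrixAuthorizationStrategy">
    <permission>hudson.model.Hudson.Administer:ci-admins</permission>
    <permission>hudson.model.Hudson.Read:authenticated</permission>
  </authorizationStrategy>
  <securityRealm class="org.jenkinsci.plugins.googlelogin.GoogleOAuth2SecurityRealm">
    <domain>example.com</domain>
  </securityRealm>
</hudson>"""
```

`audit_config(WEAK)` reports both the full-control strategy and the unrestricted sign-in, while `audit_config(HARDENED)` returns an empty list.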

Methodology

Here is the methodology used to find this bug: https://www.hackerone.com/blog/how-to-recon-and-content-discovery

Possible blog post?

If I get a chance, I may release all details in a dedicated blog post.