Snapchat: RCE/LFI on test Jenkins instance due to improper authentication flow

ID H1:258117
Type hackerone
Reporter nahamsec
Modified 2017-08-19T00:06:13


@nahamsec found a test Jenkins instance where they could log in with any valid Google account.

Once logged in, they gained the ability to execute arbitrary code via the Jenkins Script Console. This was a test Jenkins instance with no access to source code or resources.
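
An added example, not part of the original report and not Snapchat's or the Jenkins project's code: a Python audit of a Jenkins config.xml for the two conditions the summary describes together, sign-in open to any Google account and Script Console access for every signed-in user. It assumes Google sign-in is provided by the Google Login plugin (the report does not name the mechanism); the sample config is constructed.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample of $JENKINS_HOME/config.xml; not taken from the report.
SAMPLE_CONFIG = """<?xml version='1.1' encoding='UTF-8'?>
<hudson>
  <useSecurity>true</useSecurity>
  <authorizationStrategy class="hudson.security.FullControlOnceLoggedInAuthorizationStrategy"/>
  <securityRealm class="org.jenkinsci.plugins.googlelogin.GoogleOAuth2SecurityRealm">
    <clientId>constructed-client-id</clientId>
    <domain></domain>
  </securityRealm>
</hudson>"""

# Permissions that open the Script Console, and subjects that mean "anyone".
ADMIN_PERMS = {"hudson.model.Hudson.Administer", "hudson.model.Hudson.RunScripts"}
BROAD_SIDS = {"authenticated", "anonymous"}
OPEN_STRATEGIES = ("FullControlOnceLoggedInAuthorizationStrategy", "AuthorizationStrategy$Unsecured")

def audit(config_xml):
    """Return findings showing that any signed-in user can reach the Script Console."""
    # Jenkins writes an XML 1.1 declaration that Python's parser rejects; drop it.
    root = ET.fromstring(re.sub(r"^\s*<\?xml[^>]*\?>", "", config_xml))
    if (root.findtext("useSecurity") or "").strip() != "true":
        return ["security disabled: every visitor is an administrator"]
    findings = []
    authz = root.find("authorizationStrategy")
    authz_class = authz.get("class", "") if authz is not None else ""
    everyone_admin = authz_class.endswith(OPEN_STRATEGIES)
    for perm in (authz.iter("permission") if authz is not None else []):
        # Matrix entries read "<permission>:<sid>", optionally prefixed "GROUP:" or "USER:".
        parts = (perm.text or "").strip().split(":")
        if parts[-1] in BROAD_SIDS and ADMIN_PERMS & set(parts):
            everyone_admin = True
    if everyone_admin:
        findings.append("authorization: every authenticated user holds Administer")
    realm = root.find("securityRealm")
    realm_class = realm.get("class", "") if realm is not None else ""
    # Assumption: Google sign-in comes from the Google Login plugin's realm.
    if realm_class.endswith("GoogleOAuth2SecurityRealm"):
        if not (realm.findtext("domain") or "").strip():
            findings.append("authentication: Google sign-in is not restricted to a domain")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```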


Here is the methodology used to find this bug:

Possible blog post?

If I get a chance, I may release all details in a dedicated blog post.