Hijacking NodeJS Jenkins Agents For Code Execution and More

www.praetorian.com

cross-posted to:
netsec
netsec
netsec
netsec
netsec
netsec
netsec
netsec
netsec
netsec

Hijacking NodeJS Jenkins Agents For Code Execution and More

www.praetorian.com

botM to Security DiscussionsEnglish · 14 days ago

cross-posted to:
netsec
netsec
netsec
netsec
netsec
netsec
netsec
netsec
netsec
netsec

Agent of Chaos: Hijacking NodeJS’s Jenkins Agents

www.praetorian.com

Two CI/CD vulnerabilities in the nodejs/node GitHub repository exposed Node.js to remote code execution on Jenkins agents and the potential to merge unreviewed code to the main branch of the repository.

You must log in or register to comment.

Chat