
vul_app:jenkins_remote_command_execution(Rule ID:1070210210)

Release Date: 2025/9/15

Rule Name: CVE-2018-1000600: Jenkins remote command execution

Severity: critical

CVE ID: CVE-2018-1000600

 

Description

CloudBees Jenkins is a set of Java-based continuous integration tools developed by CloudBees in the United States. It is mainly used to monitor continuous software release and test projects and some scheduled tasks. The GitHub Plugin is one of the plug-ins used to create a connection between GitHub and Jenkins. There is an information disclosure vulnerability in the GitHubTokenCredentialsCreator.java file in CloudBees Jenkins GitHub Plugin 1.29.1 and earlier versions, caused by the program's failure to check access permissions. Attackers can use this vulnerability to capture credentials stored in Jenkins. This rule helps defend against A6: Vulnerable and Outdated Components of the OWASP Top 10 - 2021.
Other reference: None

 

Solution

Apply the vendor's patches.