
Re: Bug Report [critical]



hi,

On Wed, 2023-05-03 at 01:50 +0600, ovix security wrote:
> Hi Team,
> I have found a vulnerability in context to publicly
> accessible Jenkins dashboard leaks user/employee data due to asynchPeople
> people Enabled.
> 
> Description:
>  Due to the publicly exposed Jenkins Dashboard I was able to see
> user/employee data also project data, source code etc etc
> 
> Steps to Reproduce :
> 1) Go to " https://azure-build.debian.net/asynchPeople/ " (Your company
> owned)
> 
> 
> 2) You can see the large list of employee/user data and user id.
> 
> Impact:
> Sensitive Data Leak publicly
> The access also included some source code disclosure

Thanks for the report, but all user data, user ID and source code at least
on this website are obviously intended to be public from the very beginning.
I do not see a data leak problem here.

Thanks,
Boyuan Yang
