summaryrefslogtreecommitdiffstats
path: root/features/support/helpers/firewall_helper.rb
diff options
context:
space:
mode:
authorHelmut Grohne <helmut@subdivi.de>2015-11-07 17:08:18 +0100
committerHelmut Grohne <helmut@subdivi.de>2015-11-07 17:08:18 +0100
commit4d3f5807cc2505d791c72ad88aef42abdfd4bebb (patch)
tree025591a9a199ae167e28006c3e1fb3c85b471151 /features/support/helpers/firewall_helper.rb
parente6364055aef2d9d660349e060ec909f08d3943e1 (diff)
downloadjenkins.debian.net-4d3f5807cc2505d791c72ad88aef42abdfd4bebb.tar.xz
mitigate jenkins remote execute 0-day
https://jenkins-ci.org/content/mitigating-unauthenticated-remote-code-execution-0-day-jenkins-cli It seems that two channels need to be secured. The first is a custom tcp port which is firewalled anyway. The other part is urls starting with /cli. Instead of filtering this entry point in jenkins (and thus breaking bin/abort.sh), we apply the filtering in apache. Thus a local execute vulnerability remains, but we didn't care about those earlier.
Diffstat (limited to 'features/support/helpers/firewall_helper.rb')
0 files changed, 0 insertions, 0 deletions