Search the Community
Showing results for tags 'acl'.
-
This Metasploit module exploits a vulnerability in Jenkins dynamic routing to bypass the Overall/Read ACL and leverage Groovy metaprogramming to download and execute a malicious JAR file. The ACL bypass gadget is specific to Jenkins versions 2.137 and below and will not work on later versions of Jenkins. Tested against Jenkins 2.137 and Pipeline: Groovy Plugin 2.61. View the full article
-
getpidcon() usage in hardware binder servicemanager on Android permits ACL bypass. View the full article
-
- android
- getpidcon()
-
(and 2 more)
Tagged with: