H3-2022-0071
Jenkins Self-Signup Enabled
| Category | SECURITY_MISCONFIGURATION |
| Base Score | 5.0 |
Description
The Jenkins instance permits anyone to create an account and log in to the Jenkins server.
Impact
An attacker can use Jenkins self-signup to create an account and, once logged in, potentially access sensitive information such as passwords, private keys, and tokens. Depending on the configuration of the server, the attacker may also be able to perform sensitive actions.
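
A defender-side check for this finding, as an added example that is not part of the original advisory: it reads the contents of a Jenkins config.xml and reports whether self-signup is enabled and whether the authorization strategy gives every logged-in user full control. The element and class names are the ones Jenkins writes for its built-in user database; the sample configs and the severity labels are constructed for this example.

```python
import re
import xml.etree.ElementTree as ET

PRIVATE_REALM = "hudson.security.HudsonPrivateSecurityRealm"
FULL_CONTROL = "hudson.security.FullControlOnceLoggedInAuthorizationStrategy"

# Constructed sample configs (not taken from a real server).
WEAK_CONFIG = """<?xml version='1.1' encoding='UTF-8'?>
<hudson>
  <useSecurity>true</useSecurity>
  <authorizationStrategy class="hudson.security.FullControlOnceLoggedInAuthorizationStrategy">
    <denyAnonymousReadAccess>true</denyAnonymousReadAccess>
  </authorizationStrategy>
  <securityRealm class="hudson.security.HudsonPrivateSecurityRealm">
    <disableSignup>false</disableSignup>
    <enableCaptcha>false</enableCaptcha>
  </securityRealm>
</hudson>"""
HARDENED_CONFIG = WEAK_CONFIG.replace(
    "<disableSignup>false</disableSignup>", "<disableSignup>true</disableSignup>")


def audit_signup(config_xml: str) -> dict:
    """Report whether self-signup is on and what a new account would get."""
    # Jenkins writes an XML 1.1 declaration, which Python's expat rejects.
    body = re.sub(r"^\s*<\?xml[^>]*\?>", "", config_xml, count=1)
    root = ET.fromstring(body)
    realm = root.find("securityRealm")
    authz = root.find("authorizationStrategy")
    realm_class = realm.get("class", "") if realm is not None else ""
    authz_class = authz.get("class", "") if authz is not None else ""
    # Signup exists only for Jenkins' own user database. A missing
    # <disableSignup> is read as false here (assumption: Java boolean default).
    signup = (realm_class == PRIVATE_REALM and
              realm.findtext("disableSignup", "false").strip().lower() != "true")
    # With this strategy every logged-in user, self-registered or not, is an admin.
    full_control = authz_class == FULL_CONTROL
    if not signup:
        severity = "ok"
    else:
        severity = "critical" if full_control else "finding"
    return {"signup_enabled": signup,
            "logged_in_users_full_control": full_control,
            "severity": severity}


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_signup(cfg))
```

The "critical" case is the combination the Impact section warns about: self-signup plus a strategy under which any authenticated account can administer the server.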