Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Jenkins Default Credentials (HTTP)
Information
Severity
Severity
High
Family
Family
Default Accounts
CVSSv2 Base
CVSSv2 Base
7.5
CVSSv2 Vector
CVSSv2 Vector
AV:N/AC:L/Au:N/C:P/I:P/A:P
Solution Type
Solution Type
Mitigation
Created
Created
2 years ago
Modified
Modified
2 years ago
Summary
The remote Jenkins automation server is using known default credentials for the web login.
Insight
Insight
The remote Jenkins automation server is lacking a proper password configuration, which makes critical information and actions accessible for people with knowledge of the default credentials. Note: New Jenkins versions are creating / enforcing a strong and random password. But some specific deployments might still use known default credentials.
Detection Method
Detection Method
Tries to login via HTTP using known default credentials.
Solution
Solution
Change the default password.