Community
Participate
Working Groups
Created attachment 286522 [details] poc Ecpilse.org/viatra exposed a Jenkins server on the internet without any authentication, this allowed to see the users listed in https://build.incquerylabs.com/jenkins/view/All/asynchPeople/.and also anyone can create a user account to the Jenkins server.
I'll reassign this to the project in question, as this has nothing to do with the Eclipse CI systems.
This server is not related to the VIATRA project but a separate one maintained by IncQuery Labs; we are already planning to close it down. I am assigning this issue to myself and keep it open until it happens.
@zoltan I hope the security bug is considered and triage.
@zoltan.ujhelyi@incquerylabs.com any update
The Jenkins instance is no more available from the public internet without login.
Thanks!
@zoltan.ujhelyi@incquerylabs.com No bounty for this ???
y no reply ????
?????????
There is no bounty offered. Thanks for your contribution.