Cybersecurity researchers have found that it’s possible for attackers to weaponize improperly configured Jenkins Script Console instances to further criminal activities such as cryptocurrency mining.
« Misconfigurations such as improperly set up authentication mechanisms expose the ‘/script’ endpoint to attackers, » Trend Micro’s Shubham Singh and Sunil Bharti said in a technical write-up