x-jenkins open source repository server opened outside

Jenkins is one of the most famous Continuous Integration tools and an integral part of DevOps that is often used to integrate various DevOps stages. Recently, the Jenkins security team disclosed tens of flaws affecting 29 plugins for the Jenkins automation server, most of which are yet to be patched.

In this regard, I found open x-jenkins servers using open source intelligence (Shodan, Criminal IP, Censys), and found that some servers didn’t have any authentication process.

An asset search in criminalip.io revealed a couple of open Jenkins servers and a Redis Commander server. Cool :+1:



Cool, very cool

If this is a real server, not a trick… It could be a severe source of data breaches.
I’m surprised that the dataset of Criminal IP is quite useful. I’ve searched in other open sources but I couldn’t get deeper.

make authentication a life :hot_face: