[Vulnerability notice] Arbitrary file access vulnerability in Hudson

Last Updated: Nov 15, 2017

Description

Hudson is a continuous integration (CI) tool written in Java, which runs in a servlet container such as a Tomcat or GlassFish application server.

Hudson allows anonymous access, which can be exploited by attackers to read the code of all projects on the platform.

Fix

Move Hudson to a special directory, or allow only specific IP addresses to access it.

Note: To avoid data loss, make a backup before making any changes, or create a hard disk snapshot for ECS.
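
One way to apply the IP restriction when Hudson runs in Tomcat, shown as an added example that is not part of the original notice. The context file name, the /hudson deployment path and the 192.0.2.0/24 address range are assumptions; substitute your own.

```xml
<!-- Assumed location: $CATALINA_BASE/conf/Catalina/localhost/hudson.xml
     This is the per-application context descriptor; the file name
     "hudson.xml" assumes the application is deployed at /hudson. -->
<Context>

  <!-- Before: no valve is configured here, so every client that can
       reach the connector port gets whatever Hudson grants to its
       anonymous user, including project source. -->

  <!-- After: only loopback and one administrative network may connect.
       "allow" is a regular expression matched against the client
       address. 192.0.2.0/24 is a placeholder documentation range. -->
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.0\.0\.1|::1|0:0:0:0:0:0:0:1|192\.0\.2\.\d{1,3}" />

  <!-- Clients outside the allow pattern receive HTTP 403.
       If Tomcat sits behind a reverse proxy, this valve sees the
       proxy's address, not the client's; enforce the allow list on
       the proxy in that case. -->

</Context>
```

After reloading the application, request the Hudson URL from an address outside the allow pattern and confirm that it returns 403.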