Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
canvasImmunity CanvasJENKINS_CHECKSCRIPT_RCE
HistoryMar 08, 2019 - 9:29 p.m.

Immunity Canvas: JENKINS_CHECKSCRIPT_RCE

2019-03-0821:29:00
Immunity Canvas
exploitlist.immunityinc.com
65

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

JSON
Name jenkins_checkscript_rce
CVE CVE-2019-1003029 Exploit Pack
VENDOR: Jenkins
NOTES:

Groovy Plugin supports sandboxed Groovy expressions for its ‘System Groovy’ functionality.
Its sandbox protection could be circumvented during parsing, compilation, and script instantiation by providing a crafted Groovy script.

IMPORTANT:

  • Sometimes an exception is generated during the exploitation of a vulnerable target,
    if this happens an error message will be shown and you should re-run the module.

  • The module creates a local webserver for the exploit proccess, so it’s necessary that both the target and CANVAS have mutual visibility.

Vulnerable versions:

  • < 2.138 (with ANONYMOUS_READ disabled)
  • < build time 2019-01-28 (with ANONYMOUS_READ enabled)

Tested on:

  • Ubuntu 18.10, Jenkins 2.122

Repeatability: Infinite
References: https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1338
CVE Url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-1003029 http://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-1003005 http://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-1000861
Date public: 17/05/2019

Related

hackerone 1
osv 6
github 3
prion 3
veracode 3
redhatcve 3
trendmicroblog 1
nuclei 1
cve 3
checkpoint_advisories 3
talosblog 1
openvas 3
attackerkb 2
cisa_kev 2
nessus 2
redhat 1
thn 2
cisa 1
kitploit 1
qualysblog 1
hackerone
hackerone
Django: Jenkins Unauthenticated RCE on https://djangoci.com/
2019-05-14 07:48:49
osv
osv
CVE-2019-1003029
2019-03-08 21:29:00
CVE-2019-1003005
2019-02-06 16:29:00
Sandbox Bypass in Script Security Plugin
2022-05-13 01:00:55
github
github
Sandbox Bypass in Script Security Plugin
2022-05-13 01:00:55
Sandbox bypass in Script Security Plugin
2022-05-13 01:00:55
Deserialization of Untrusted Data in Jenkins
2022-05-13 01:01:00
prion
prion
Security feature bypass
2019-02-06 16:29:00
Security feature bypass
2019-03-08 21:29:00
Remote code execution
2018-12-10 14:29:00
veracode
veracode
Sandbox Protection Bypass
2019-05-16 03:58:57
Arbitrary Code Execution
2019-05-16 03:58:57
Arbitrary Code Execution
2019-05-16 03:23:55
redhatcve
redhatcve
CVE-2018-1000861
2019-12-14 04:52:17
CVE-2019-1003029
2019-03-18 11:19:55
CVE-2019-1003005
2020-04-09 10:33:39
trendmicroblog
trendmicroblog
This Week in Security News: Unsecured Servers and Vulnerable Processors
2019-05-17 14:14:56
nuclei
nuclei
Jenkins - Remote Command Injection
2021-02-20 11:11:15
cve
cve
CVE-2019-1003005
2019-02-06 16:29:00
CVE-2018-1000861
2018-12-10 14:29:00
CVE-2019-1003029
2019-03-08 21:29:00
checkpoint_advisories
checkpoint_advisories
Jenkins Script Security Plugin Remote Code Execution (CVE-2019-1003029)
2022-05-15 00:00:00
Jenkins Stapler Web Framework Remote Code Execution (CVE-2018-1000861)
2019-05-21 00:00:00
Jenkins Stapler Web Framework Code Execution (CVE-2018-1000861)
2020-09-21 00:00:00
talosblog
talosblog
Watchbog and the Importance of Patching
2019-09-11 09:10:37
openvas
openvas
Jenkins < 2.121.3 / < 2.138 ACL Bypass Vulnerability
2019-06-03 00:00:00
Jenkins < 2.154 and < 2.138.4 LTS Multiple Vulnerabilities - Windows
2018-12-11 00:00:00
Jenkins < 2.154 and < 2.138.4 LTS Multiple Vulnerabilities - Linux
2018-12-11 00:00:00
attackerkb
attackerkb
CVE-2018-1000861
2018-12-10 00:00:00
CVE-2019-1003029
2019-03-08 00:00:00
cisa_kev
cisa_kev
Jenkins Stapler Web Framework Deserialization of Untrusted Data Vulnerability
2022-02-10 00:00:00
Jenkins Script Security Plugin Sandbox Bypass Vulnerability
2022-04-25 00:00:00
nessus
nessus
RHEL 7 : Red Hat OpenShift Container Platform 3.11 jenkins-2-plugins (RHSA-2019:0739)
2019-04-11 00:00:00
Jenkins < 2.138.4 LTS / 2.150.1 LTS / 2.154 Multiple Vulnerabilities
2018-12-07 00:00:00
redhat
redhat
(RHSA-2019:0739) Important: Red Hat OpenShift Container Platform 3.11 jenkins-2-plugins security update
2019-04-10 18:27:43
thn
thn
New Capoae Malware Infiltrates WordPress Sites and Installs Backdoored Plugin
2021-09-21 10:08:00
Linux Botnet Adding BlueKeep-Flawed Windows RDP Servers to Its Target List
2019-07-25 09:38:00
cisa
cisa
CISA Adds 15 Known Exploited Vulnerabilities to Catalog
2022-02-10 00:00:00
kitploit
kitploit
Vulmap - Web Vulnerability Scanning And Verification Tools
2020-12-25 11:30:00
qualysblog
qualysblog
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR
2022-02-23 05:39:00

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

JSON
Related for JENKINS_CHECKSCRIPT_RCE
hackerone1osv6github3prion3veracode3redhatcve3trendmicroblog1nuclei1cve3checkpoint_advisories3talosblog1openvas3attackerkb2cisa_kev2nessus2redhat1thn2cisa1kitploit1qualysblog1