
10 matches found

Gitee
added 2021/02/07 3:45 p.m., 6 views

Exploit for CVE-2019-1003000

PoC exploit for CVE-2019-1003000, CVE-2019-1003001, CVE-2019-1003002: Script Security, Pipeline: Groovy, Pipeline: Declarative. This PoC allows users with Overall/Read permission and Job/Configure and optional Job/Build to bypass the sandbox protection and execute arbitrary code on the Jenkins...

8.8 CVSS, 8.6 AI score, 0.98428 EPSS
Exploits: 17
Gitee
added 2020/07/18 11:27 p.m., 4 views

Exploit for CVE-2019-1003000

PoC exploit for CVE-2019-1003000, CVE-2019-1003001, and CVE-2019-1003002, which are related to Script Security, Pipeline: Groovy, and Pipeline: Declarative plugins in Jenkins. This exploit allows users with Overall/Read permission and Job/Configure and optional Job/Build to bypass the sandbox...

8.8 CVSS, 8 AI score, 0.98428 EPSS
Exploits: 17
Check Point Advisories
added 2020/02/11 12:0 a.m., 6 views

Jenkins Pipeline Groovy Remote Code Execution (CVE-2019-1003001)

A remote code execution vulnerability exists in Jenkins pipeline groovy. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

6.5 CVSS, 5.3 AI score, 0.86224 EPSS
Exploits: 9
Tenable Nessus
added 2019/09/24 12:0 a.m., 159 views

Jenkins Security Advisory 2019-01-08 Multiple Vulnerabilities

Jenkins running on the remote web server has one or more plugins affected by following vulnerabilities: - A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java that allows attackers...

8.8 CVSS, 7.7 AI score, 0.98428 EPSS
Exploits: 17, References: 4
Packet Storm
added 2019/03/19 12:0 a.m., 112 views

Jenkins ACL Bypass / Metaprogramming Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Jenkins ACL Bypass and Metaprogramming RCE', 'Description' = %q This module exploits a vulnerability in Jenkins dynamic routing to bypass the...

6.5 CVSS, 0.8 AI score, 0.98428 EPSS
Exploits: 17
0day.today
added 2019/03/19 12:0 a.m., 294 views

Jenkins 2.137 and Pipeline Groovy Plugin 2.61 - ACL Bypass and Metaprogramming RCE Exploit

This Metasploit module exploits a vulnerability in Jenkins dynamic routing to bypass the Overall/Read ACL and leverage Groovy metaprogramming to download and execute a malicious JAR file. The ACL bypass gadget is specific to Jenkins versions 2.137 and below and will not work on later versions of...

8.8 CVSS, 0.1 AI score, 0.98428 EPSS
Exploits: 17
Circl
added 2019/02/19 12:0 a.m., 40 views

CVE-2019-1003001

creationtimestamp | type | source
---|---|---
2019-02-19 00:00:00+00:00 | exploited | https://www.exploit-db.com/exploits/46427
2019-03-18 12:37:31+00:00 | seen | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/jenkinsmetaprogramming.rb
2019-03-19 00:00:00+00:00|...

8.8 CVSS, 6.7 AI score, 0.86224 EPSS
Exploits: 9, References: 5
NVD
added 2019/01/22 2:29 p.m., 18 views

CVE-2019-1003001

A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.61 and earlier in src/main/java/org/jenkinsci/plugins/workflow/cps/CpsFlowDefinition.java, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShellFactory.java that allows attackers with Overall/Read permission to provide a...

8.8 CVSS, 8.9 AI score, 0.86224 EPSS
Exploits: 9, References: 6
CVE
added 2019/01/22 2:0 p.m., 192 views

CVE-2019-1003001

Summary (CVE-2019-1003001): Jenkins Pipeline: Groovy Plugin 2.61 and earlier contains a sandbox bypass that lets attackers with Overall/Read permission supply a pipeline script via an HTTP endpoint, enabling arbitrary code execution on the Jenkins master JVM. The issue arises from unsafe script ...

8.8 CVSS, 8.8 AI score, 0.86224 EPSS
Exploits: 9, References: 6, Affected Software: 1
Cvelist
added 2019/01/22 2:0 p.m., 23 views

CVE-2019-1003001

A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.61 and earlier in src/main/java/org/jenkinsci/plugins/workflow/cps/CpsFlowDefinition.java, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShellFactory.java that allows attackers with Overall/Read permission to provide a...

8.9 AI score, 0.86224 EPSS
Exploits: 9, References: 6