10 matches found

Gitee
added 2021/02/07 3:45 p.m. | 6 views

Exploit for CVE-2019-1003000

PoC exploit for CVE-2019-1003000, CVE-2019-1003001, CVE-2019-1003002: Script Security, Pipeline: Groovy, Pipeline: Declarative. This PoC allows users with Overall/Read permission and Job/Configure and optional Job/Build to bypass the sandbox protection and execute arbitrary code on the Jenkins...

CVSS 8.8 | AI score 8.6 | EPSS 0.98428
Exploits: 17

Gitee
added 2020/07/18 11:27 p.m. | 4 views

Exploit for CVE-2019-1003000

PoC exploit for CVE-2019-1003000, CVE-2019-1003001, and CVE-2019-1003002, which are related to Script Security, Pipeline: Groovy, and Pipeline: Declarative plugins in Jenkins. This exploit allows users with Overall/Read permission and Job/Configure and optional Job/Build to bypass the sandbox...

CVSS 8.8 | AI score 8 | EPSS 0.98428
Exploits: 17

Check Point Advisories
added 2020/02/11 12:0 a.m. | 6 views

Jenkins Pipeline Groovy Remote Code Execution (CVE-2019-1003001)

A remote code execution vulnerability exists in Jenkins pipeline groovy. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

CVSS 6.5 | AI score 5.3 | EPSS 0.86224
Exploits: 9

Tenable Nessus
added 2019/09/24 12:0 a.m. | 153 views

Jenkins Security Advisory 2019-01-08 Multiple Vulnerabilities

Jenkins running on the remote web server has one or more plugins affected by the following vulnerabilities: - A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java that allows attackers...

CVSS 8.8 | AI score 7.7 | EPSS 0.98428
Exploits: 17 | References: 4

Packet Storm
added 2019/03/19 12:0 a.m. | 111 views

Jenkins ACL Bypass / Metaprogramming Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Jenkins ACL Bypass and Metaprogramming RCE', 'Description' = %q This module exploits a vulnerability in Jenkins dynamic routing to bypass the...

CVSS 6.5 | AI score 0.8 | EPSS 0.98428
Exploits: 17

0day.today
added 2019/03/19 12:0 a.m. | 294 views

Jenkins 2.137 and Pipeline Groovy Plugin 2.61 - ACL Bypass and Metaprogramming RCE Exploit

This Metasploit module exploits a vulnerability in Jenkins dynamic routing to bypass the Overall/Read ACL and leverage Groovy metaprogramming to download and execute a malicious JAR file. The ACL bypass gadget is specific to Jenkins versions 2.137 and below and will not work on later versions of...

CVSS 8.8 | AI score 0.1 | EPSS 0.98428
Exploits: 17

Circl
added 2019/02/19 12:0 a.m. | 33 views

CVE-2019-1003001

creationtimestamp | type | source
---|---|---
2019-02-19 00:00:00+00:00 | exploited | https://www.exploit-db.com/exploits/46427
2019-03-18 12:37:31+00:00 | seen | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/jenkinsmetaprogramming.rb
2019-03-19 00:00:00+00:00 |...

CVSS 8.8 | AI score 6.7 | EPSS 0.86224
Exploits: 9 | References: 5

NVD
added 2019/01/22 2:29 p.m. | 17 views

CVE-2019-1003001

A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.61 and earlier in src/main/java/org/jenkinsci/plugins/workflow/cps/CpsFlowDefinition.java, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShellFactory.java that allows attackers with Overall/Read permission to provide a...

CVSS 8.8 | AI score 8.9 | EPSS 0.86224
Exploits: 9 | References: 6

Cvelist
added 2019/01/22 2:0 p.m. | 23 views

CVE-2019-1003001

A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.61 and earlier in src/main/java/org/jenkinsci/plugins/workflow/cps/CpsFlowDefinition.java, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShellFactory.java that allows attackers with Overall/Read permission to provide a...

AI score 8.9 | EPSS 0.86224
Exploits: 9 | References: 6

CVE
added 2019/01/22 2:0 p.m. | 192 views

CVE-2019-1003001

Summary (CVE-2019-1003001): Jenkins Pipeline: Groovy Plugin 2.61 and earlier contains a sandbox bypass that lets attackers with Overall/Read permission supply a pipeline script via an HTTP endpoint, enabling arbitrary code execution on the Jenkins master JVM. The issue arises from unsafe script ...

CVSS 8.8 | AI score 8.8 | EPSS 0.86224
Exploits: 9 | References: 6 | Affected Software: 1