9 matches found
com.testinium.jenkins:testinium (=1.0), io.jenkins.blueocean:blueocean (>=1.0.0 <=1.2.0-beta-1) +19 more potentially affected by CVE-2019-1003002 via org.jenkinsci.plugins:pipeline-model-definition (>=0.1 <=1.3.2)
org.jenkinsci.plugins:pipeline-model-definition MAVEN version =0.1, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.1-preview-1, =2.0.7, =1.0, =1.1.0, =1.0.0, =1.5.5 and more Source cves: CVE-2019-1003002 Source advisory: OSV:GHSA-X6JX-CXG3-MGGH...
Exploit for CVE-2019-1003000
PoC exploit for CVE-2019-1003000, CVE-2019-1003001, CVE-2019-1003002: Script Security, Pipeline: Groovy, Pipeline: Declarative. This PoC allows users with Overall/Read permission and Job/Configure and optional Job/Build to bypass the sandbox protection and execute arbitrary code on the Jenkins...
Exploit for CVE-2019-1003000
PoC exploit for CVE-2019-1003000, CVE-2019-1003001, and CVE-2019-1003002, which are related to Script Security, Pipeline: Groovy, and Pipeline: Declarative plugins in Jenkins. This exploit allows users with Overall/Read permission and Job/Configure and optional Job/Build to bypass the sandbox...
Jenkins Security Advisory 2019-01-08 Multiple Vulnerabilities
Jenkins running on the remote web server has one or more plugins affected by the following vulnerabilities: - A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java that allows attackers...
Jenkins 2.137 and Pipeline Groovy Plugin 2.61 - ACL Bypass and Metaprogramming RCE Exploit
This Metasploit module exploits a vulnerability in Jenkins dynamic routing to bypass the Overall/Read ACL and leverage Groovy metaprogramming to download and execute a malicious JAR file. The ACL bypass gadget is specific to Jenkins versions 2.137 and below and will not work on later versions of...
Jenkins ACL Bypass / Metaprogramming Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Jenkins ACL Bypass and Metaprogramming RCE', 'Description' = %q This module exploits a vulnerability in Jenkins dynamic routing to bypass the...
CVE-2019-1003002
creationtimestamp| type| source
---|---|---
2019-02-19 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/46427
2019-03-18 12:37:31+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/jenkinsmetaprogramming.rb
2019-03-19 00:00:00+00:00|...
CVE-2019-1003002
A sandbox bypass vulnerability exists in Pipeline: Declarative Plugin 1.3.3 and earlier in pipeline-model-definition/src/main/groovy/org/jenkinsci/plugins/pipeline/modeldefinition/parser/Converter.groovy that allows attackers with Overall/Read permission to provide a pipeline script to an HTTP...
CVE-2019-1003002
CVE-2019-1003002 is a Jenkins sandbox bypass in Pipeline: Declarative Plugin