119 matches found
CVE-2019-1003034
A flaw was found in the Jenkins Job DSL plugin. Parsing, compilation, and script instantiations provided by a crafted Groovy script could escape the sandbox allowing users to execute arbitrary code on the Jenkins master. The highest risk from this vulnerability is to data confidentiality and...
Liferay CE Portal < 7.1.2 ga3 - Remote Command Execution Exploit #RCE
Exploit for multiple platform in category web applications This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Liferay CE Portal Tomcat %q This module uses the Liferay CE Portal...
CVE-2019-1003005
A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.50 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result i...
PT-2019-2297 · Jenkins · Jenkins Script Security Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Script Security Plugin versions 1.50 and earlier Description: The issue is related to errors in handling Groovy scripts, which can be exploited by a remote attacker to bypass the sandbox and execute arbitrary code on the Jenkins maste...
PT-2019-11304 · Jenkins · Jenkins Groovy Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Groovy Plugin versions 2.0 and earlier Description: A sandbox bypass issue allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint, resulting in arbitrary code execution on the Jenkins master JVM...
Remote Code Execution (RCE)
Jenkins is vulnerable to remote code execution. It was found that the combination filter Groovy script could allow a remote attacker to potentially execute arbitrary code on a Jenkins master...
jenkins: Combination filter Groovy script unsecured (SECURITY-125)
It was found that the combination filter Groovy script could allow a remote attacker to potentially execute arbitrary code on a Jenkins master...
CloudBees Jenkins CI and LTS Scripting Vulnerabilities
CloudBees Jenkins CI (formerly known as Hudson Labs) is a set of Java-based continuous integration tools from CloudBees, Inc. LTS (Long-Term Support) is a long-supported version of CloudBees Jenkins CI. A security vulnerability exists in the Combination filter Groovy script in CloudBees Jenkins CI...
Design/Logic Flaw
The combination filter Groovy script in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with job configuration permission to gain privileges and execute arbitrary code on the master via unspecified vectors...
CVE-2015-1806
The combination filter Groovy script in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with job configuration permission to gain privileges and execute arbitrary code on the master via unspecified vectors...
jenkins: Combination filter Groovy script unsecured (SECURITY-125)
It was found that the combination filter Groovy script could allow a remote attacker to potentially execute arbitrary code on a Jenkins master...
Reproducing the attack process for the security vulnerability in Elasticsearch 1.4.3 and earlier versions - vulnerability warning - the black bar safety net
Elasticsearch 1.4.3 and the few versions below it can execute Groovy scripts, which once exploited can directly call Windows cmd commands and the Linux shell. There are some articles online, but they are not written in a down-to-earth way, so here I reproduce the attack process for this vulnerability,...
Elasticsearch Groovy Script RCE
The Elasticsearch application hosted on the remote web server is affected by a remote code execution vulnerability due to unspecified flaws in the Groovy script engine. A remote unauthenticated attacker, using a specially crafted request, can escape the sandbox and execute arbitrary Java code. A...
FreeBSD : jenkins -- multiple vulnerabilities (7480b6ac-adf1-443e-a33c-3a3c0becba1e)
Kohsuke Kawaguchi from Jenkins team reports: Description SECURITY-125 Combination filter Groovy script unsecured This vulnerability allows users with the job configuration privilege to escalate his privileges, resulting in arbitrary code execution to the master. SECURITY-162 directory traversal...
jenkins -- multiple vulnerabilities
Kohsuke Kawaguchi from Jenkins team reports: Description SECURITY-125 Combination filter Groovy script unsecured This vulnerability allows users with the job configuration privilege to escalate his privileges, resulting in arbitrary code execution to the master. SECURITY-162 directory traversal...
Jenkins-CI Script-Console Java Execution
This module uses the Jenkins-CI Groovy script console to execute OS commands using Java. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Jenkins-CI Script-Console Java Execution', 'Description'...
CVE-2013-6366
The Groovy script console in VMware Hyperic HQ 4.6.6 allows remote authenticated administrators to execute arbitrary code via a Runtime.getRuntime().exec call...
VMware Hyperic HQ Groovy Script-Console - Java Execution (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'VMware Hyperic HQ...
Jenkins - Script-Console Java Execution (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Jenkins...