Lucene search
K

12 matches found

0day.today
0day.today
added 2019/02/25 12:0 a.m.86 views

Jenkins Plugin Script Security 1.49/Declarative 1.3.4/Groovy 2.60 - Remote Code Execution Exploit

Exploit for java platform in category web applications !/usr/bin/env python Exploit Title : jenkins-preauth-rce-exploit.py Authors : wetw0rk & 0xtavian Vendor Homepage : https://jenkins.oi Software Link : https://jenkins.io/download/ Tested on : jenkins=v2.73 Plugins: Script Security=v1.49,...

9AI score0.98428EPSS
Exploits18
Exploit DB
Exploit DB
added 2019/02/25 12:0 a.m.187 views

Jenkins Plugin Script Security 1.49/Declarative 1.3.4/Groovy 2.60 - Remote Code Execution

!/usr/bin/env python Exploit Title : jenkins-preauth-rce-exploit.py Date : 02/23/2019 Authors : wetw0rk & 0xtavian Vendor Homepage : https://jenkins.oi Software Link : https://jenkins.io/download/ Tested on : jenkins=v2.73 Plugins: Script Security=v1.49, Pipeline: Declarative=v1.3.4, Pipeline:...

8.8CVSS8.2AI score0.98428EPSS
Exploits17
Packet Storm
Packet Storm
added 2019/02/25 12:0 a.m.86 views

Jenkins Script Security 1.49 / Declarative 1.3.4 / Groovy 2.60 Remote Code Execution

!/usr/bin/env python Exploit Title : jenkins-preauth-rce-exploit.py Date : 02/23/2019 Authors : wetw0rk & 0xtavian Vendor Homepage : https://jenkins.oi Software Link : https://jenkins.io/download/ Tested on : jenkins=v2.73 Plugins: Script Security=v1.49, Pipeline: Declarative=v1.3.4, Pipeline:...

6.5CVSS8.2AI score0.98428EPSS
Exploits17
exploitpack
exploitpack
added 2019/02/25 12:0 a.m.108 views

Jenkins Plugin Script Security 1.49Declarative 1.3.4Groovy 2.60 - Remote Code Execution

Jenkins Plugin Script Security 1.49Declarative 1.3.4Groovy 2.60 - Remote Code Execution !/usr/bin/env python Exploit Title : jenkins-preauth-rce-exploit.py Date : 02/23/2019 Authors : wetw0rk & 0xtavian Vendor Homepage : https://jenkins.oi Software Link : https://jenkins.io/download/ Tested on :...

6.5CVSS8.4AI score0.98428EPSS
Exploits17
RedhatCVE
RedhatCVE
added 2018/07/30 3:50 a.m.28 views

CVE-2018-1999002

A arbitrary file read vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers to send crafted HTTP requests returning the contents of any file on the Jenkins master file system that the Jenkins...

7.5CVSS3.5AI score0.86641EPSS
Exploits7References2
seebug.org
seebug.org
added 2018/07/26 12:0 a.m.715 views

Jenkins 任意文件读取漏洞(CVE-2018-1999002)

SECURITY-914 / CVE-2018-1999002 An arbitrary file read vulnerability in the Stapler web framework used by Jenkins allowed unauthenticated users to send crafted HTTP requests returning the contents of any file on the Jenkins master file system that the Jenkins master process has access to. Input...

8.1AI score0.86641EPSS
Exploits7
OpenVAS
OpenVAS
added 2018/07/24 12:0 a.m.106 views

Jenkins < 2.133 and < 2.121.2 LTS Multiple Vulnerabilities - Windows

Jenkins is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS5.4AI score0.86641EPSS
Exploits8References1
OpenVAS
OpenVAS
added 2018/07/24 12:0 a.m.139 views

Jenkins < 2.133 and < 2.121.2 LTS Multiple Vulnerabilities - Linux

Jenkins is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS5.4AI score0.86641EPSS
Exploits8References1
OSV
OSV
added 2018/07/23 7:29 p.m.19 views

CVE-2018-1999002

A arbitrary file read vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers to send crafted HTTP requests returning the contents of any file on the Jenkins master file system that the Jenkins...

7.5CVSS6.5AI score
Exploits0References3
Cvelist
Cvelist
added 2018/07/23 7:0 p.m.27 views

CVE-2018-1999002

A arbitrary file read vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers to send crafted HTTP requests returning the contents of any file on the Jenkins master file system that the Jenkins...

7.9AI score0.86641EPSS
Exploits7References3
CVE
CVE
added 2018/07/23 7:0 p.m.228 views

CVE-2018-1999002

CVE-2018-1999002 is an arbitrary file read vulnerability in Jenkins prior to 2.133 (and 2.121.1 and earlier for some builds) via the Stapler web framework. The issue arises from how Stapler handles crafted HTTP requests, allowing an unauthenticated or low-privilege attacker to read files on the J...

7.5CVSS7.7AI score0.86641EPSS
Exploits7References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2018/07/20 12:0 a.m.86 views

FreeBSD : jenkins -- multiple vulnerabilities (20a1881e-8a9e-11e8-bddf-d017c2ca229d)

Jenkins Security Advisory : DescriptionHigh SECURITY-897 / CVE-2018-1999001 Users without Overall/Read permission can have Jenkins reset parts of global configuration on the next restart High SECURITY-914 / CVE-2018-1999002 Arbitrary file read vulnerability Medium SECURITY-891 / CVE-2018-1999003...

8.8CVSS5.5AI score0.86641EPSS
Exploits8References9
Rows per page
Query Builder