12 matches found
Jenkins Plugin Script Security 1.49/Declarative 1.3.4/Groovy 2.60 - Remote Code Execution Exploit
Exploit for java platform in category web applications !/usr/bin/env python Exploit Title : jenkins-preauth-rce-exploit.py Authors : wetw0rk & 0xtavian Vendor Homepage : https://jenkins.oi Software Link : https://jenkins.io/download/ Tested on : jenkins=v2.73 Plugins: Script Security=v1.49,...
Jenkins Plugin Script Security 1.49/Declarative 1.3.4/Groovy 2.60 - Remote Code Execution
!/usr/bin/env python Exploit Title : jenkins-preauth-rce-exploit.py Date : 02/23/2019 Authors : wetw0rk & 0xtavian Vendor Homepage : https://jenkins.oi Software Link : https://jenkins.io/download/ Tested on : jenkins=v2.73 Plugins: Script Security=v1.49, Pipeline: Declarative=v1.3.4, Pipeline:...
Jenkins Script Security 1.49 / Declarative 1.3.4 / Groovy 2.60 Remote Code Execution
!/usr/bin/env python Exploit Title : jenkins-preauth-rce-exploit.py Date : 02/23/2019 Authors : wetw0rk & 0xtavian Vendor Homepage : https://jenkins.oi Software Link : https://jenkins.io/download/ Tested on : jenkins=v2.73 Plugins: Script Security=v1.49, Pipeline: Declarative=v1.3.4, Pipeline:...
Jenkins Plugin Script Security 1.49Declarative 1.3.4Groovy 2.60 - Remote Code Execution
Jenkins Plugin Script Security 1.49Declarative 1.3.4Groovy 2.60 - Remote Code Execution !/usr/bin/env python Exploit Title : jenkins-preauth-rce-exploit.py Date : 02/23/2019 Authors : wetw0rk & 0xtavian Vendor Homepage : https://jenkins.oi Software Link : https://jenkins.io/download/ Tested on :...
CVE-2018-1999002
A arbitrary file read vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers to send crafted HTTP requests returning the contents of any file on the Jenkins master file system that the Jenkins...
Jenkins 任意文件读取漏洞(CVE-2018-1999002)
SECURITY-914 / CVE-2018-1999002 An arbitrary file read vulnerability in the Stapler web framework used by Jenkins allowed unauthenticated users to send crafted HTTP requests returning the contents of any file on the Jenkins master file system that the Jenkins master process has access to. Input...
Jenkins < 2.133 and < 2.121.2 LTS Multiple Vulnerabilities - Windows
Jenkins is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Jenkins < 2.133 and < 2.121.2 LTS Multiple Vulnerabilities - Linux
Jenkins is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2018-1999002
A arbitrary file read vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers to send crafted HTTP requests returning the contents of any file on the Jenkins master file system that the Jenkins...
CVE-2018-1999002
A arbitrary file read vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers to send crafted HTTP requests returning the contents of any file on the Jenkins master file system that the Jenkins...
CVE-2018-1999002
CVE-2018-1999002 is an arbitrary file read vulnerability in Jenkins prior to 2.133 (and 2.121.1 and earlier for some builds) via the Stapler web framework. The issue arises from how Stapler handles crafted HTTP requests, allowing an unauthenticated or low-privilege attacker to read files on the J...
FreeBSD : jenkins -- multiple vulnerabilities (20a1881e-8a9e-11e8-bddf-d017c2ca229d)
Jenkins Security Advisory : DescriptionHigh SECURITY-897 / CVE-2018-1999001 Users without Overall/Read permission can have Jenkins reset parts of global configuration on the next restart High SECURITY-914 / CVE-2018-1999002 Arbitrary file read vulnerability Medium SECURITY-891 / CVE-2018-1999003...