what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 2 of 2 RSS Feed

CVE-2019-1003005

Status Candidate

Overview

A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.50 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM.

Related Files

Jenkins Remote Code Execution
Posted Apr 20, 2022
Authored by Orange Tsai | Site github.com

Jenkins exploit that chains CVE-2018-1000861, CVE-2019-1003005 and CVE-2019-1003029 to a more reliable and elegant pre-auth remote code execution. Jenkins versions below 2.138 are affected.

tags | exploit, remote, code execution
advisories | CVE-2018-1000861, CVE-2019-1003005, CVE-2019-1003029
SHA-256 | 88ba245224ecb5e377bcb871672d6537579b9aeac8cedbca083b7f571fa1faea
Download | Favorite | View
Red Hat Security Advisory 2019-0739-01
Posted Apr 11, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0739-01 - Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Security fix: jenkins-plugin-script-security: Sandbox bypass in script security plug-in jenkins-plugin-script-security: Sandbox bypass in script security plug-in jenkins-plugin-script-security: Sandbox bypass in script security plug-in jenkins-plugin-workflow-cps: Sandbox bypass in pipeline: Groovy plug-in jenkins-matrix-project-plugin: Sandbox bypass in matrix project plug-in jenkins-job-dsl-plugin: Script security sandbox bypass in job DSL plug-in. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2019-1003005, CVE-2019-1003024, CVE-2019-1003029, CVE-2019-1003030, CVE-2019-1003031, CVE-2019-1003034
SHA-256 | 3521bc8e3160f9a4e993455be4fa77b9faf7799c4a87c9cd5848b70126953609
Download | Favorite | View
Page 1 of 1
Back1Next

File Archive:

June 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    0 Files
  • 2
    Jun 2nd
    0 Files
  • 3
    Jun 3rd
    18 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    57 Files
  • 7
    Jun 7th
    6 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    12 Files
  • 11
    Jun 11th
    27 Files
  • 12
    Jun 12th
    38 Files
  • 13
    Jun 13th
    16 Files
  • 14
    Jun 14th
    14 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    16 Files
  • 18
    Jun 18th
    26 Files
  • 19
    Jun 19th
    15 Files
  • 20
    Jun 20th
    18 Files
  • 21
    Jun 21st
    8 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    19 Files
  • 25
    Jun 25th
    5 Files
  • 26
    Jun 26th
    13 Files
  • 27
    Jun 27th
    42 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close