Apache Groovy versions 1.7.0 through 2.4.3 suffer from a code execution vulnerability.
ba3362ad045e055e508294087e6389c8708ee8327d2b1bc0df1c1fa28f01120b
This Metasploit module exploits an ACL bypass in MobileIron MDM products to execute a Groovy gadget against a Hessian-based Java deserialization endpoint.
5c0db542beea98b42c60393d60ff136e823dca9b8c1933fb194541ebcc3d1e48
Whitepaper called Jenkins Groovy Scripts for Red Teamers and Penetration Testers.
5e6b7c106c03710dff448e081a389d32962fea27101a434d73669f8d4d9365e2
Red Hat Security Advisory 2019-0739-01 - Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Security fix: jenkins-plugin-script-security: Sandbox bypass in script security plug-in; jenkins-plugin-script-security: Sandbox bypass in script security plug-in; jenkins-plugin-script-security: Sandbox bypass in script security plug-in; jenkins-plugin-workflow-cps: Sandbox bypass in pipeline: Groovy plug-in; jenkins-matrix-project-plugin: Sandbox bypass in matrix project plug-in; jenkins-job-dsl-plugin: Script security sandbox bypass in job DSL plug-in. Issues addressed include a bypass vulnerability.
3521bc8e3160f9a4e993455be4fa77b9faf7799c4a87c9cd5848b70126953609
This Metasploit module exploits a vulnerability in Jenkins dynamic routing to bypass the Overall/Read ACL and leverage Groovy metaprogramming to download and execute a malicious JAR file. The ACL bypass gadget is specific to Jenkins versions 2.137 and below and will not work on later versions of Jenkins. Tested against Jenkins 2.137 and Pipeline: Groovy Plugin 2.61.
1fa7a0581a082a2a0c1e14681f05b88994d45c7f8daeb7fbed7b6dacc77b9a72
This Metasploit module uses the Liferay CE Portal Groovy script console to execute OS commands. The Groovy script can execute commands on the system via a [command].execute() call. Valid credentials for an application administrator user account are required. This module has been tested successfully with Liferay CE Portal Tomcat 7.1.2 ga3 on a Debian 4.9.18-1kali1 system.
3f493346c1e9eb0567ff5a73ec406ade5fe2deff6c0f318670247793c4d63a4d
Jenkins plugins Script Security version 1.49, Declarative version 1.3.4, and Groovy version 2.60 suffer from a code execution vulnerability.
1464739307633b75e322eb2e0907ec7933ce2f124fc0c0718f3077cf93613a62
This Metasploit module exploits CVE-2016-0792, a vulnerability in Jenkins versions older than 1.650 and Jenkins LTS versions older than 1.642.2 that is caused by unsafe deserialization in XStream with Groovy in the classpath and allows remote arbitrary code execution. The issue affects default installations. Authentication is not required to exploit the vulnerability.
52a40982d2eed44b68632a3f6deca119172cfb8a682bb8fd52169cc4b2182bba
Red Hat Security Advisory 2017-2596-01 - Groovy is an agile and dynamic language for the Java Virtual Machine, built upon Java with features inspired by languages like Python, Ruby, and Smalltalk. It seamlessly integrates with all existing Java objects and libraries and compiles straight to Java bytecode so you can use it anywhere you can use Java. Security Fix: Multiple object deserialization flaws were discovered in the MethodClosure class in Groovy. A specially crafted serialized object deserialized by an application using the Groovy library could cause the application to execute arbitrary code.
9a3fe90d165c0f480786cf6cfcb7b902170219f6b47a31b1d9f3126027706526
Red Hat Security Advisory 2017-2486-01 - Groovy is an agile and dynamic language for the Java Virtual Machine, built upon Java with features inspired by languages like Python, Ruby, and Smalltalk. It seamlessly integrates with all existing Java objects and libraries and compiles straight to Java bytecode so you can use it anywhere you can use Java. Security Fix: It was found that a flaw in the Apache Groovy library allows remote code execution wherever deserialization occurs in the application. It is possible for an attacker to craft a special serialized object that will execute code directly when deserialized. All applications which rely on serialization and do not isolate the code which deserializes objects are subject to this vulnerability.
a1fd88ee9b98684c5d3a03d061cbff1448a3466d1e203a555c8ccdfda02aa6c0
Joomla Groovy Gallery component version 1.0.0 suffers from a remote SQL injection vulnerability.
2cd4d05cbe2fc0df8ebfd27f3e7c957eb5d2ac7ab07b16a16c5814c67891b79e
Gentoo Linux Security Advisory 201610-1 - Groovy is vulnerable to remote execution of arbitrary code when Java serialization is used. Versions less than 2.4.5 are affected.
c05aa1be21d3af2d387c9ec0850685c07159f109df4242b85beb4fb7a4777256
Red Hat Security Advisory 2015-2558-01 - Red Hat JBoss Fuse Service Works is the next-generation ESB and business process automation infrastructure. This release of Red Hat JBoss Fuse Service Works 6.2.1 serves as a replacement for Red Hat JBoss Fuse Service Works 6.0.0. It includes various bug fixes, which are listed in the README file included with the patch files. The following security issues are fixed with this release: A flaw was discovered that when an application uses Groovy and uses the standard Java serialization mechanism, an attacker can bake a special serialized object that executes code directly when deserialized. All applications which rely on serialization and do not isolate the code which deserializes objects are subject to this vulnerability.
1f63b4efd1d1fc7ee6d8922bf1f514818f400e5a6fa74ef50cd2ef956ecb5966
This Metasploit module exploits a remote command execution (RCE) vulnerability in ElasticSearch, exploitable by default on ElasticSearch prior to 1.4.3. The bug is found in the REST API, which does not require authentication, where the search function allows Groovy code execution and its sandbox can be bypassed using java.lang.Math.class.forName to reference arbitrary classes. It can be used to execute arbitrary Java code. This Metasploit module has been tested successfully on ElasticSearch 1.4.2 on Ubuntu Server 12.04.
176b7335ffc0f7911e7044aabe3ffc56753a9bee674eb8ec914eebc3bc9e46fa
Elasticsearch versions 1.3.0 through 1.3.7 and 1.4.0 through 1.4.2 have vulnerabilities in the Groovy scripting engine. The vulnerabilities allow an attacker to construct Groovy scripts that escape the sandbox and execute shell commands as the user running the Elasticsearch Java VM.
66145cb4fc4b97a9b78472aa53007c7b5848d4c52871e4d2f47327bd5f50ccae
This Metasploit module uses the VMware Hyperic HQ Groovy script console to execute OS commands using Java. Valid credentials for an application administrator user account are required. This Metasploit module has been tested successfully with Hyperic HQ 4.6.6 on Windows 2003 SP2 and Ubuntu 10.04 systems.
f310cc67584ebfece0fb02e5b0b15c7748e4537dd7eb3d17e3d681399a54630c
Groovy Media Player version 3.2.0 suffers from a buffer overflow vulnerability.
154fba6d11b45be152dff83491133c68afd025c1107e9ca14a9bf8a9782ae56b
This Metasploit module uses the Jenkins Groovy script console to execute OS commands using Java.
d399ceb32f8d20399dd647bec028b96de469f3d117d253352dc348ede3915dd0
Groovy Media Player version 2.6.0 local buffer overflow proof of concept exploit that creates a malicious .m3u file.
2296a6c0a9772a83268cee88e8415f7949feef813f63d26a7c862df51c86c8d0
Groovy Media Player version 1.2.0 local buffer overflow proof of concept exploit that creates a malicious .m3u file.
da1df7b729e312b47d0116c4f7e1c577aba1585b4fcdef5369e83477e3eed691
Groovy Media Player version 1.1.0 local stack overflow proof of concept exploit that creates a malicious .m3u file.
470fde86fc3b1e749c940121d5601900859a825312ecca378d2471e15adc9456