
Files

Jenkins 2.63 Sandbox Bypass
Posted Oct 19, 2020
Authored by dmw0ng

Jenkins version 2.63 suffers from a sandbox bypass vulnerability.

tags | exploit, bypass
advisories | CVE-2019-1003030
SHA-256 | ccdda4d633e906d159b3fb007dd5d46967f0b0fc3e8f033a0e07df0b6acc06e4

Related Files

Jenkins Remote Code Execution
Posted Apr 20, 2022
Authored by Orange Tsai | Site github.com

Jenkins exploit that chains CVE-2018-1000861, CVE-2019-1003005 and CVE-2019-1003029 to a more reliable and elegant pre-auth remote code execution. Jenkins versions below 2.138 are affected.

tags | exploit, remote, code execution
advisories | CVE-2018-1000861, CVE-2019-1003005, CVE-2019-1003029
SHA-256 | 88ba245224ecb5e377bcb871672d6537579b9aeac8cedbca083b7f571fa1faea

Jenkins 2.251 / LTS 2.235.3 Cross Site Scripting
Posted Dec 18, 2020
Authored by gx1

Jenkins versions 2.251 and below and LTS 2.235.3 and below suffer from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2020-2231
SHA-256 | fe78de531ac764992ae8de65e10f60a4d5a3ae82a3af279a85c1daa0d31531ec

Jenkins 2.235.3 Cross Site Scripting
Posted Dec 11, 2020
Authored by gx1

Jenkins version 2.235.3 suffers from multiple persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2020-2229, CVE-2020-2230
SHA-256 | 5ae48804e53b05b0959fb9da096cca0880a8cea84800e7c45b02f24e07a2393d

Red Hat Security Advisory 2020-4223-01
Posted Oct 22, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4223-01 - Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Issues addressed include cross site scripting and information leakage vulnerabilities.

tags | advisory, vulnerability, xss
systems | linux, redhat
advisories | CVE-2019-17638, CVE-2020-2229, CVE-2020-2230, CVE-2020-2231
SHA-256 | 0a0c1e6d82b3f3d1ef7c4e264d5405abd9b644db1717e648010b8853d8377c2f

Red Hat Security Advisory 2020-3841-01
Posted Sep 30, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3841-01 - Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Issues addressed include cross site scripting and information leakage vulnerabilities.

tags | advisory, vulnerability, xss
systems | linux, redhat
advisories | CVE-2019-17638, CVE-2020-2229, CVE-2020-2230, CVE-2020-2231
SHA-256 | 77a91d7eb8ec634429339830c6925d60cfecc790452b9ca6402775e98428831d

Red Hat Security Advisory 2020-3808-01
Posted Sep 23, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3808-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Issues addressed include a cross site scripting vulnerability.

tags | advisory, xss
systems | linux, redhat
advisories | CVE-2020-2220, CVE-2020-2221, CVE-2020-2222, CVE-2020-2223, CVE-2020-8557
SHA-256 | b7331aff073d815f6e01e6459b93fa13ca828d759222d2f6c43a4863d4cf35ab

Jenkins 2.56 CLI Deserialization / Code Execution
Posted Sep 22, 2020
Authored by Shelby Pace, SSD | Site metasploit.com

An unauthenticated Java object deserialization vulnerability exists in the CLI component for Jenkins versions 2.56 and below. The readFrom method within the Command class in the Jenkins CLI remoting component deserializes objects received from clients without first checking / sanitizing the data. Because of this, a malicious serialized object contained within a serialized SignedObject can be sent to the Jenkins endpoint to achieve code execution on the target.

tags | exploit, java, code execution
advisories | CVE-2017-1000353
SHA-256 | 3729c358cb302e4f78e19a3ad5a83bfe54ed6e185ea35041abb6038c065373da

Red Hat Security Advisory 2020-3541-01
Posted Aug 27, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3541-01 - Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. The Matrix Project is a module which handles creating Jenkins multi-configuration projects. Matrix Authorization allows configuring the lowest level permissions, such as starting new builds, configuring items, or deleting them, individually. Python-RSA is an RSA implementation in Python. It can be used as a Python library as well as the commandline utility. Ansible is an SSH-based configuration management, deployment, and task execution system. The openshift-ansible packages contain Ansible code and playbooks for installing and upgrading OpenShift Container Platform 3. Issues addressed include cross site scripting, denial of service, and information leakage vulnerabilities.

tags | advisory, denial of service, vulnerability, xss, python
systems | linux, redhat
advisories | CVE-2019-16541, CVE-2020-13757, CVE-2020-1741, CVE-2020-2220, CVE-2020-2221, CVE-2020-2222, CVE-2020-2223, CVE-2020-2224, CVE-2020-2225, CVE-2020-2226
SHA-256 | 42d044757ced55aee7edf9844bfad23fe95bf3c3141361f974b7050950a43c55

Red Hat Security Advisory 2020-3519-01
Posted Aug 25, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3519-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Issues addressed include a cross site scripting vulnerability.

tags | advisory, xss
systems | linux, redhat
advisories | CVE-2020-2220, CVE-2020-2221, CVE-2020-2222, CVE-2020-2223, CVE-2020-8557
SHA-256 | 03d7ebc42a5ee8eb1819704cae98ab2247d034dafe7ee3357bc00074d0307709

Red Hat Security Advisory 2020-3453-01
Posted Aug 18, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3453-01 - The Matrix Project is a module which handles creating Jenkins multi-configuration projects. Matrix Authorization allows configuring the lowest level permissions, such as starting new builds, configuring items, or deleting them, individually. Python-RSA is an RSA implementation in Python. It can be used as a Python library as well as the commandline utility. Issues addressed include cross site scripting and denial of service vulnerabilities.

tags | advisory, denial of service, vulnerability, xss, python
systems | linux, redhat
advisories | CVE-2020-13757, CVE-2020-2224, CVE-2020-2225, CVE-2020-2226
SHA-256 | dcba8ed7be6bf93cafc80deff5dd57772dc8ea7c104f758c6b9f084ddded22ca

Red Hat Security Advisory 2020-0964-01
Posted Mar 26, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0964-01 - Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Issues addressed include code execution and deserialization vulnerabilities.

tags | advisory, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2020-2167
SHA-256 | 0bbc6d0b1340b9e1e77661f6fd3104f23b4bfa6e941e551e8c264a9869530430

Jenkins Gitlab Hook 1.4.2 Cross Site Scripting
Posted Jan 16, 2020
Authored by Ai Ho

Jenkins Gitlab Hook plugin version 1.4.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2020-2096
SHA-256 | 38931217cabd4d17c01cf04d878ac4d8c49d23973f783f5ba2fd442676454822

Jenkins Build-Metrics 1.3 Cross Site Scripting
Posted Nov 8, 2019
Authored by vesche

Jenkins Build-Metrics plugin version 1.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2019-10475
SHA-256 | d418e19ba81cb0adbe7e003d7fa890804d64f4a2cbb72d771a4bdb298fb673cb

Red Hat Security Advisory 2019-3144-01
Posted Oct 18, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3144-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by CRON. This advisory contains the updated jenkins RPM package for Red Hat OpenShift Container Platform 3.11. Issues addressed include a cross site request forgery vulnerability.

tags | advisory, csrf
systems | linux, redhat
advisories | CVE-2019-10383, CVE-2019-10384
SHA-256 | 3884936d40d62626ae2afd0fd378d13ff22c620e26e53620b6b1411cd943ba22

Red Hat Security Advisory 2019-2789-01
Posted Sep 20, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-2789-01 - Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Issues addressed include a cross site request forgery vulnerability.

tags | advisory, csrf
systems | linux, redhat
advisories | CVE-2019-10383, CVE-2019-10384
SHA-256 | 645b7f82dec2c865a3d8af48ba736384ebc85c45fee196f34641463822691a36

Red Hat Security Advisory 2019-2662-01
Posted Sep 11, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-2662-01 - Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2019-10355, CVE-2019-10356, CVE-2019-10357
SHA-256 | 6fece9cfa8e21396eb29dc690d56ca4aa2cfc555efbd536bfd6c1280e18c70cc

Jenkins Groovy Scripts For Red Teamers And Penetration Testers
Posted Sep 10, 2019
Authored by Marco Ortisi, Ahmad Mahfouz

Whitepaper called Jenkins Groovy Scripts for Red Teamers and Penetration Testers.

tags | paper
SHA-256 | 5e6b7c106c03710dff448e081a389d32962fea27101a434d73669f8d4d9365e2

Red Hat Security Advisory 2019-2651-01
Posted Sep 4, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-2651-01 - Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2019-10355, CVE-2019-10356, CVE-2019-10357
SHA-256 | df767c3bd54e617fd6f47d5b82d6ec2199aa705ea592deecc555c95625d6a2b4

Red Hat Security Advisory 2019-2548-01
Posted Aug 28, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-2548-01 - Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Issues addressed include a cross site request forgery vulnerability.

tags | advisory, csrf
systems | linux, redhat
advisories | CVE-2019-10352, CVE-2019-10353, CVE-2019-10354
SHA-256 | 4345dc1d608a0488b324d4434e2cfb1c27a4314f6530857a03a16fd149420252

Red Hat Security Advisory 2019-2503-01
Posted Aug 15, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-2503-01 - Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Issues addressed include a cross site request forgery vulnerability.

tags | advisory, csrf
systems | linux, redhat
advisories | CVE-2019-10352, CVE-2019-10353, CVE-2019-10354
SHA-256 | f012531b1f32448bfdd5aa2590a61478d680886552a677c76a300f1e28deabbb

Jenkins Dependency Graph View 0.13 Cross Site Scripting
Posted Jul 12, 2019
Authored by Ishaq Mohammed

Jenkins Dependency Graph View plugin version 0.13 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2019-10349
SHA-256 | cd5ffe501243df3312d0721d5cd596bee99b0e8d2898b76aa16162fd57fb796c

Red Hat Security Advisory 2019-1636-01
Posted Jul 3, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-1636-01 - This advisory contains the jenkins-2-plugins RPM packages for Red Hat OpenShift Container Platform 4.1.4. Various issues have been addressed including a file read vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2019-10320, CVE-2019-10328, CVE-2019-10337
SHA-256 | 35932583ad3607db55d6071f2438a343dec4f7239b799a8085c9aa5f046b14c9

Red Hat Security Advisory 2019-1423-01
Posted Jun 10, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-1423-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Issues addressed include bypass and cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss
systems | linux, redhat
advisories | CVE-2019-1003040, CVE-2019-1003041, CVE-2019-1003042
SHA-256 | 302e9f6fdcd1f882db8880e348723a0684e1677aa46f21cf84c2959993ce2923

Red Hat Security Advisory 2019-0739-01
Posted Apr 11, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0739-01 - Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Security fix: jenkins-plugin-script-security: Sandbox bypass in script security plug-in; jenkins-plugin-script-security: Sandbox bypass in script security plug-in; jenkins-plugin-script-security: Sandbox bypass in script security plug-in; jenkins-plugin-workflow-cps: Sandbox bypass in pipeline: Groovy plug-in; jenkins-matrix-project-plugin: Sandbox bypass in matrix project plug-in; jenkins-job-dsl-plugin: Script security sandbox bypass in job DSL plug-in. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2019-1003005, CVE-2019-1003024, CVE-2019-1003029, CVE-2019-1003030, CVE-2019-1003031, CVE-2019-1003034
SHA-256 | 3521bc8e3160f9a4e993455be4fa77b9faf7799c4a87c9cd5848b70126953609

Jenkins ACL Bypass / Metaprogramming Remote Code Execution
Posted Mar 19, 2019
Authored by Orange Tsai, wvu | Site metasploit.com

This Metasploit module exploits a vulnerability in Jenkins dynamic routing to bypass the Overall/Read ACL and leverage Groovy metaprogramming to download and execute a malicious JAR file. The ACL bypass gadget is specific to Jenkins versions 2.137 and below and will not work on later versions of Jenkins. Tested against Jenkins 2.137 and Pipeline: Groovy Plugin 2.61.

tags | exploit
advisories | CVE-2019-1003000, CVE-2019-1003001, CVE-2019-1003002
SHA-256 | 1fa7a0581a082a2a0c1e14681f05b88994d45c7f8daeb7fbed7b6dacc77b9a72

© 2022 Packet Storm. All rights reserved.
