cve/2019/CVE-2019-1003000.md

### [CVE-2019-1003000](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1003000)
![](https://img.shields.io/static/v1?label=Product&message=Script%20Security%20Plugin&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%201.49%20and%20earlier%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java that allows attackers with the ability to provide sandboxed scripts to execute arbitrary code on the Jenkins master JVM.

### POC

#### Reference
- http://packetstormsecurity.com/files/152132/Jenkins-ACL-Bypass-Metaprogramming-Remote-Code-Execution.html
- https://www.exploit-db.com/exploits/46453/
- https://www.exploit-db.com/exploits/46572/

#### Github
- https://github.com/0xT11/CVE-POC
- https://github.com/0xtavian/CVE-2019-1003000-and-CVE-2018-1999002-Pre-Auth-RCE-Jenkins
- https://github.com/1NTheKut/CVE-2019-1003000_RCE-DETECTION
- https://github.com/20142995/pocsuite3
- https://github.com/20142995/sectool
- https://github.com/ARPSyndicate/cvemon
- https://github.com/BLACKHAT-SSG/Pwn_Jenkins
- https://github.com/CVEDB/PoC-List
- https://github.com/CVEDB/awesome-cve-repo
- https://github.com/CVEDB/top
- https://github.com/GhostTroops/TOP
- https://github.com/HimmelAward/Goby_POC
- https://github.com/JERRY123S/all-poc
- https://github.com/PetrusViet/Jenkins-bypassSandBox-RCE
- https://github.com/PwnAwan/Pwn_Jenkins
- https://github.com/Rajchowdhury420/Secure-or-Break-Jenkins
- https://github.com/SexyBeast233/SecBooks
- https://github.com/TheBeastofwar/JenkinsExploit-GUI
- https://github.com/Threekiii/Awesome-POC
- https://github.com/Z0fhack/Goby_POC
- https://github.com/adamyordan/cve-2019-1003000-jenkins-rce-poc
- https://github.com/anquanscan/sec-tools
- https://github.com/cyberanand1337x/bug-bounty-2022
- https://github.com/developer3000S/PoC-in-GitHub
- https://github.com/gquere/pwn_jenkins
- https://github.com/hectorgie/PoC-in-GitHub
- https://github.com/hktalent/TOP
- https://github.com/hktalent/bug-bounty
- https://github.com/huimzjty/vulwiki
- https://github.com/jaychouzzk/-
- https://github.com/jbmihoub/all-poc
- https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main
- https://github.com/purple-WL/Jenkins_CVE-2019-1003000
- https://github.com/reph0r/poc-exp
- https://github.com/reph0r/poc-exp-tools
- https://github.com/retr0-13/pwn_jenkins
- https://github.com/slowmistio/CVE-2019-1003000-and-CVE-2018-1999002-Pre-Auth-RCE-Jenkins
- https://github.com/superfish9/pt
- https://github.com/trganda/starrlist
- https://github.com/weeka10/-hktalent-TOP
- https://github.com/wetw0rk/Exploit-Development
- https://github.com/woods-sega/woodswiki
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`### [CVE-2019-1003000](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1003000)`
			`![](https://img.shields.io/static/v1?label=Product&message=Script%20Security%20Plugin&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=%3D%201.49%20and%20earlier%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)`

			`### Description`

			`A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java that allows attackers with the ability to provide sandboxed scripts to execute arbitrary code on the Jenkins master JVM.`

			`### POC`

			`#### Reference`
			`- http://packetstormsecurity.com/files/152132/Jenkins-ACL-Bypass-Metaprogramming-Remote-Code-Execution.html`
			`- https://www.exploit-db.com/exploits/46453/`
			`- https://www.exploit-db.com/exploits/46572/`

			`#### Github`
			`- https://github.com/0xT11/CVE-POC`
			`- https://github.com/0xtavian/CVE-2019-1003000-and-CVE-2018-1999002-Pre-Auth-RCE-Jenkins`
			`- https://github.com/1NTheKut/CVE-2019-1003000_RCE-DETECTION`
			`- https://github.com/20142995/pocsuite3`
			`- https://github.com/20142995/sectool`
			`- https://github.com/ARPSyndicate/cvemon`
			`- https://github.com/BLACKHAT-SSG/Pwn_Jenkins`
			`- https://github.com/CVEDB/PoC-List`
			`- https://github.com/CVEDB/awesome-cve-repo`
			`- https://github.com/CVEDB/top`
			`- https://github.com/GhostTroops/TOP`
			`- https://github.com/HimmelAward/Goby_POC`
			`- https://github.com/JERRY123S/all-poc`
			`- https://github.com/PetrusViet/Jenkins-bypassSandBox-RCE`
			`- https://github.com/PwnAwan/Pwn_Jenkins`
			`- https://github.com/Rajchowdhury420/Secure-or-Break-Jenkins`
			`- https://github.com/SexyBeast233/SecBooks`
			`- https://github.com/TheBeastofwar/JenkinsExploit-GUI`
			`- https://github.com/Threekiii/Awesome-POC`
			`- https://github.com/Z0fhack/Goby_POC`
			`- https://github.com/adamyordan/cve-2019-1003000-jenkins-rce-poc`
			`- https://github.com/anquanscan/sec-tools`
			`- https://github.com/cyberanand1337x/bug-bounty-2022`
			`- https://github.com/developer3000S/PoC-in-GitHub`
			`- https://github.com/gquere/pwn_jenkins`
			`- https://github.com/hectorgie/PoC-in-GitHub`
			`- https://github.com/hktalent/TOP`
			`- https://github.com/hktalent/bug-bounty`
			`- https://github.com/huimzjty/vulwiki`
			`- https://github.com/jaychouzzk/-`
			`- https://github.com/jbmihoub/all-poc`
Update CVE sources 2024-06-07 04:52 2024-06-07 04:52:01 +00:00			`- https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main`
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`- https://github.com/purple-WL/Jenkins_CVE-2019-1003000`
			`- https://github.com/reph0r/poc-exp`
			`- https://github.com/reph0r/poc-exp-tools`
			`- https://github.com/retr0-13/pwn_jenkins`
			`- https://github.com/slowmistio/CVE-2019-1003000-and-CVE-2018-1999002-Pre-Auth-RCE-Jenkins`
			`- https://github.com/superfish9/pt`
			`- https://github.com/trganda/starrlist`
			`- https://github.com/weeka10/-hktalent-TOP`
			`- https://github.com/wetw0rk/Exploit-Development`
			`- https://github.com/woods-sega/woodswiki`