admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-12-16 20:27:21 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2019/CVE-2019-1003000.md
0xMarcio d4008b737b Update CVE sources 2024-08-15 18:54
2024-08-15 18:54:34 +00:00

63 lines
2.9 KiB
Markdown
Raw Blame History

### [CVE-2019-1003000](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1003000)
![](https://img.shields.io/static/v1?label=Product&message=Script%20Security%20Plugin&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%201.49%20and%20earlier%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
### Description
A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java that allows attackers with the ability to provide sandboxed scripts to execute arbitrary code on the Jenkins master JVM.
### POC
#### Reference
- http://packetstormsecurity.com/files/152132/Jenkins-ACL-Bypass-Metaprogramming-Remote-Code-Execution.html
- https://www.exploit-db.com/exploits/46453/
- https://www.exploit-db.com/exploits/46572/
#### Github
- https://github.com/0xT11/CVE-POC
- https://github.com/0xtavian/CVE-2019-1003000-and-CVE-2018-1999002-Pre-Auth-RCE-Jenkins
- https://github.com/1NTheKut/CVE-2019-1003000_RCE-DETECTION
- https://github.com/20142995/pocsuite3
- https://github.com/20142995/sectool
- https://github.com/ARPSyndicate/cvemon
- https://github.com/BLACKHAT-SSG/Pwn_Jenkins
- https://github.com/CVEDB/PoC-List
- https://github.com/CVEDB/awesome-cve-repo
- https://github.com/CVEDB/top
- https://github.com/GhostTroops/TOP
- https://github.com/HimmelAward/Goby_POC
- https://github.com/JERRY123S/all-poc
- https://github.com/PetrusViet/Jenkins-bypassSandBox-RCE
- https://github.com/PwnAwan/Pwn_Jenkins
- https://github.com/Rajchowdhury420/Secure-or-Break-Jenkins
- https://github.com/SexyBeast233/SecBooks
- https://github.com/TheBeastofwar/JenkinsExploit-GUI
- https://github.com/Threekiii/Awesome-POC
- https://github.com/Z0fhack/Goby_POC
- https://github.com/adamyordan/cve-2019-1003000-jenkins-rce-poc
- https://github.com/anquanscan/sec-tools
- https://github.com/cyberanand1337x/bug-bounty-2022
- https://github.com/developer3000S/PoC-in-GitHub
- https://github.com/gquere/pwn_jenkins
- https://github.com/hectorgie/PoC-in-GitHub
- https://github.com/hktalent/TOP
- https://github.com/hktalent/bug-bounty
- https://github.com/huimzjty/vulwiki
- https://github.com/jaychouzzk/-
- https://github.com/jbmihoub/all-poc
- https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0
- https://github.com/onewinner/VulToolsKit
- https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main
- https://github.com/purple-WL/Jenkins_CVE-2019-1003000
- https://github.com/reph0r/poc-exp
- https://github.com/reph0r/poc-exp-tools
- https://github.com/retr0-13/pwn_jenkins
- https://github.com/slowmistio/CVE-2019-1003000-and-CVE-2018-1999002-Pre-Auth-RCE-Jenkins
- https://github.com/superfish9/pt
- https://github.com/trganda/starrlist
- https://github.com/weeka10/-hktalent-TOP
- https://github.com/wetw0rk/Exploit-Development
- https://github.com/woods-sega/woodswiki
Reference in New Issue View Git Blame Copy Permalink