CVE-2019-1003005

Related Files

Jenkins Remote Code Execution

Posted Apr 20, 2022

Authored by Orange Tsai | Site github.com

Jenkins exploit that chains CVE-2018-1000861, CVE-2019-1003005 and CVE-2019-1003029 to a more reliable and elegant pre-auth remote code execution. Jenkins versions below 2.138 are affected.

tags | exploit, remote, code execution

advisories | CVE-2018-1000861, CVE-2019-1003005, CVE-2019-1003029

SHA-256 | 88ba245224ecb5e377bcb871672d6537579b9aeac8cedbca083b7f571fa1faea

Download | Favorite | View

Red Hat Security Advisory 2019-0739-01

Posted Apr 11, 2019

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0739-01 - Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Security fix: jenkins-plugin-script-security: Sandbox bypass in script security plug-in jenkins-plugin-script-security: Sandbox bypass in script security plug-in jenkins-plugin-script-security: Sandbox bypass in script security plug-in jenkins-plugin-workflow-cps: Sandbox bypass in pipeline: Groovy plug-in jenkins-matrix-project-plugin: Sandbox bypass in matrix project plug-in jenkins-job-dsl-plugin: Script security sandbox bypass in job DSL plug-in. Issues addressed include a bypass vulnerability.

tags | advisory, bypass

systems | linux, redhat

advisories | CVE-2019-1003005, CVE-2019-1003024, CVE-2019-1003029, CVE-2019-1003030, CVE-2019-1003031, CVE-2019-1003034

SHA-256 | 3521bc8e3160f9a4e993455be4fa77b9faf7799c4a87c9cd5848b70126953609

Download | Favorite | View