0xtavian - Security Researcher - Exploit Intelligence Platform

CVE-2018-1999002 NOMISEC HIGH WORKING POC

Jenkins <2.132, <2.121.1 - Info Disclosure

A arbitrary file read vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers to send crafted HTTP requests returning the contents of any file on the Jenkins master file system that the Jenkins master has access to.

CVSS 7.5

View Code

CVE-2019-1003000 NOMISEC HIGH WORKING POC

Script Security Plugin <1.49 - RCE

A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java that allows attackers with the ability to provide sandboxed scripts to execute arbitrary code on the Jenkins master JVM.

CVSS 8.8

View Code

CVE-2019-1003000 NOMISEC HIGH WORKING POC

Script Security Plugin <1.49 - RCE

A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java that allows attackers with the ability to provide sandboxed scripts to execute arbitrary code on the Jenkins master JVM.

CVSS 8.8

View Code

CVE-2018-1999002 NOMISEC HIGH WORKING POC

Jenkins <2.132, <2.121.1 - Info Disclosure

A arbitrary file read vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers to send crafted HTTP requests returning the contents of any file on the Jenkins master file system that the Jenkins master has access to.

CVSS 7.5

View Code

CVE-2018-1999002 EXPLOITDB HIGH python WORKING POC

Jenkins <2.132, <2.121.1 - Info Disclosure

A arbitrary file read vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers to send crafted HTTP requests returning the contents of any file on the Jenkins master file system that the Jenkins master has access to.

CVSS 7.5

View Code

CVE-2019-1003000 EXPLOITDB HIGH python WORKING POC

Script Security Plugin <1.49 - RCE

A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java that allows attackers with the ability to provide sandboxed scripts to execute arbitrary code on the Jenkins master JVM.

CVSS 8.8

View Code