1NTheKut

2 exploits Active since Dec 2018

CVE-2019-1003000 NOMISEC HIGH WORKING POC

Script Security Plugin <1.49 - RCE

A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java that allows attackers with the ability to provide sandboxed scripts to execute arbitrary code on the Jenkins master JVM.

4 stars

CVSS 8.8

View Code

CVE-2018-1000861 NOMISEC CRITICAL WORKING POC

Jenkins <2.153 - RCE

A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that allows attackers to invoke some methods on Java objects by accessing crafted URLs that were not intended to be invoked this way.

4 stars

CVSS 9.8

View Code