CVE-2018-1000408

MEDIUM

Jenkins ACL Bypass and Metaprogramming RCE

Title source: metasploit

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-1000408. PoCs published by Orange Tsai, Mikhail Egorov, George Noseevich, wvu, including Metasploit module exploits/multi/http/jenkins_metaprogramming.

AI-analyzed exploit summary This Metasploit module exploits an ACL bypass and Groovy metaprogramming vulnerability in Jenkins to achieve remote code execution. It leverages dynamic routing to bypass authentication and executes arbitrary commands via crafted Groovy scripts.

Description

A denial of service vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java that allows attackers without Overall/Read permission to access a specific URL on instances using the built-in Jenkins user database security realm that results in the creation of an ephemeral user record in memory.

Exploits (1)

metasploit WORKING POC EXCELLENT

by Orange Tsai, Mikhail Egorov, George Noseevich, wvu · rubypocunix

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/jenkins_metaprogramming.rb

View Code ZIP pw:eip

This Metasploit module exploits an ACL bypass and Groovy metaprogramming vulnerability in Jenkins to achieve remote code execution. It leverages dynamic routing to bypass authentication and executes arbitrary commands via crafted Groovy scripts.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Jenkins <= 2.137

No auth needed

Prerequisites: Jenkins instance with vulnerable version · Network access to the target

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Apr 30, 2026 Full analysis →

References (2)

Core 2

Core References

Vendor Advisory x_refsource_confirm

https://jenkins.io/security/advisory/2018-10-10/#SECURITY-1128

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/106532

Scores

CVSS v3 6.5

EPSS 0.0147

EPSS Percentile 70.3%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Details

Status published

Products (3)

jenkins/jenkins < 2.138.1

jenkins/jenkins < 2.145

org.jenkins-ci.main/jenkins-core 0 - 2.138.2Maven

Published Jan 09, 2019

Tracked Since Feb 18, 2026