CVE-2018-1999002

HIGH

Jenkins <2.132, <2.121.1 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 5 public exploits for CVE-2018-1999002. PoCs published by wetw0rk, 0x6b7966, im23pds.

AI-analyzed exploit summary This exploit chains CVE-2019-1003000 and CVE-2018-1999002 to achieve pre-authentication remote code execution in Jenkins by leveraging vulnerable plugins (Pipeline: Declarative, Pipeline: Groovy, Script Security). It generates a malicious Java payload, hosts it on a local web server, and triggers its execution via a crafted HTTP request to the Jenkins server.

Description

A arbitrary file read vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers to send crafted HTTP requests returning the contents of any file on the Jenkins master file system that the Jenkins master has access to.

Exploits (5)

exploitdb WORKING POC

by wetw0rk · pythonwebappsjava

https://www.exploit-db.com/exploits/46453

View Code ZIP pw:eip

This exploit chains CVE-2019-1003000 and CVE-2018-1999002 to achieve pre-authentication remote code execution in Jenkins by leveraging vulnerable plugins (Pipeline: Declarative, Pipeline: Groovy, Script Security). It generates a malicious Java payload, hosts it on a local web server, and triggers its execution via a crafted HTTP request to the Jenkins server.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Jenkins with vulnerable plugins (Pipeline: Declarative <= 1.3.4, Pipeline: Groovy <= 2.61, Script Security <= 1.49)

No auth needed

Prerequisites: Network access to the Jenkins server · Jenkins server with vulnerable plugins installed · Attacker-controlled server to host the malicious payload

MITRE ATT&CK

T1189 - Drive-by Compromise T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC 75 stars

by wetw0rk · poc

https://github.com/wetw0rk/Exploit-Development

View Code ZIP pw:eip

This repository contains functional exploit code for CVE-2016-10709, targeting the HackSys Extreme Vulnerable Driver (HEVD) with a stack overflow vulnerability. The exploit includes shellcode for token stealing and privilege escalation on Windows 10 x64 systems.

Classification

Working Poc 100%

Attack Type

Lpe

Complexity

Complex

Reliability

Reliable

Target: HackSys Extreme Vulnerable Driver (HEVD)

No auth needed

Prerequisites: Access to the vulnerable driver · Windows 10 x64 environment

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1055 - Process Injection

devstral-2 · analyzed Feb 18, 2026 Full analysis →

nomisec NO CODE

by 0x6b7966 · poc

https://github.com/0x6b7966/CVE-2018-1999002

View Code ZIP pw:eip

nomisec WORKING POC

by im23pds · poc

https://github.com/im23pds/CVE-2019-1003000-and-CVE-2018-1999002-Pre-Auth-RCE-Jenkins

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2018-1999002 and CVE-2019-1003000, chaining vulnerabilities in Jenkins plugins to achieve pre-authentication remote code execution via a crafted HTTP request and malicious payload delivery.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Jenkins (v2.73 with vulnerable plugins: Script Security <=1.49, Pipeline: Declarative <=1.3.4, Pipeline: Groovy <=2.61)

No auth needed

Prerequisites: Network access to target Jenkins instance · Python environment with required libraries (requests, multiprocessing) · Listener setup for reverse shell

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Mar 20, 2026 Full analysis →

nomisec WORKING POC

by slowmistio · poc

https://github.com/slowmistio/CVE-2019-1003000-and-CVE-2018-1999002-Pre-Auth-RCE-Jenkins

View Code ZIP pw:eip

This exploit chains CVE-2019-1003000 and CVE-2018-1999002 to achieve pre-authentication remote code execution in Jenkins by leveraging vulnerable plugins (Pipeline: Declarative, Pipeline: Groovy, Script Security). It generates a malicious Java payload, hosts it via a simple HTTP server, and triggers execution via a crafted HTTP request.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Jenkins (v2.73 with vulnerable plugins: Script Security <=1.49, Pipeline: Declarative <=1.3.4, Pipeline: Groovy <=2.61)

No auth needed

Prerequisites: Network access to target Jenkins instance · Vulnerable plugins installed on target · Attacker-controlled server to host payload

MITRE ATT&CK

T1189 - Drive-by Compromise T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/46453/

Patch, Third Party Advisory x_refsource_misc

https://www.oracle.com/security-alerts/cpuapr2022.html

Mitigation, Vendor Advisory x_refsource_confirm

https://jenkins.io/security/advisory/2018-07-18/#SECURITY-914

Scores

CVSS v3 7.5

EPSS 0.9367

EPSS Percentile 99.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

Status published

Products (3)

jenkins/jenkins < 2.121.1

oracle/communications_cloud_native_core_automated_test_suite 1.9.0

org.jenkins-ci.main/jenkins-core 0 - 2.121.2Maven

Published Jul 23, 2018

Tracked Since Feb 18, 2026