CVE-2019-1003002

HIGH

Pipeline: Declarative Plugin <1.3.3 - RCE

Title source: llm

Description

A sandbox bypass vulnerability exists in Pipeline: Declarative Plugin 1.3.3 and earlier in pipeline-model-definition/src/main/groovy/org/jenkinsci/plugins/pipeline/modeldefinition/parser/Converter.groovy that allows attackers with Overall/Read permission to provide a pipeline script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM.

Exploits (3)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotejava

https://www.exploit-db.com/exploits/46572

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by orange · textwebappsjava

https://www.exploit-db.com/exploits/46427

View Code ZIP pw:eip

metasploit WORKING POC EXCELLENT

by Orange Tsai, Mikhail Egorov, George Noseevich, wvu · rubypocunix

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/jenkins_metaprogramming.rb

View Code ZIP pw:eip

References (6)

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/152132/Jenkins-ACL-Bypass-Metaprogramming-Remote-Code-Execution.html

[Third Party Advisory] http://www.rapid7.com/db/modules/exploit/multi/http/jenkins_metaprogramming

[Third Party Advisory] https://access.redhat.com/errata/RHBA-2019:0326

[Third Party Advisory] https://access.redhat.com/errata/RHBA-2019:0327

[Vendor Advisory] https://jenkins.io/security/advisory/2019-01-08/#SECURITY-1266

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/46572/

Scores

CVSS v3 8.8

EPSS 0.9345

EPSS Percentile 99.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

Status published

Products (3)

jenkins/pipeline\ < 1.3.3

org.jenkinsci.plugins/pipeline-model-definition 0 - 1.3.4.1Maven

redhat/openshift_container_platform 3.11

Published Jan 22, 2019

Tracked Since Feb 18, 2026