Description
A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.50 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM.
Exploits (1)
metasploit
WORKING POC
EXCELLENT
by Orange Tsai, Mikhail Egorov, George Noseevich, wvu · rubypocunix
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/jenkins_metaprogramming.rb
References (3)
Core 3
Core References
Vendor Advisory x_refsource_confirm
https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1292
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:0739
Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/166778/Jenkins-Remote-Code-Execution.html
Scores
CVSS v3
8.8
EPSS
0.7419
EPSS Percentile
98.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
Status
published
Products (2)
jenkins/script_security
< 1.50
org.jenkins-ci.plugins/script-security
0 - 1.51Maven
Published
Feb 06, 2019
Tracked Since
Feb 18, 2026