CVE-2019-1003005

HIGH

Jenkins Script Security Plugin <1.50 - RCE

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-1003005. PoCs published by Orange Tsai, Mikhail Egorov, George Noseevich, wvu, including Metasploit module exploits/multi/http/jenkins_metaprogramming.

AI-analyzed exploit summary

This Metasploit module exploits CVE-2019-1003005 in Jenkins by bypassing ACLs via dynamic routing and leveraging Groovy metaprogramming to achieve remote code execution (RCE). It supports two targets: Unix in-memory execution and Java dropper payloads.

Description

A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.50 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM.

Exploits (1)

Metasploit · Working PoC · Excellent
by Orange Tsai, Mikhail Egorov, George Noseevich, wvu · ruby · poc · unix
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/jenkins_metaprogramming.rb

Classification
Working PoC 100%
Attack Type
RCE
Complexity
Moderate
Reliability
Reliable
Target: Jenkins <= 2.137
No auth needed
Prerequisites: Jenkins instance with vulnerable version · Network access to target
Analyzed by devstral-2 on Apr 30, 2026

References (3)

Core References
Third Party Advisory · vendor-advisory · x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:0739

Scores

CVSS v3 8.8
EPSS 0.1904
EPSS Percentile 96.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

Status published
Products (2)
jenkins/script_security < 1.50
org.jenkins-ci.plugins/script-security 0 - 1.51 (Maven)
Published Feb 06, 2019
Tracked Since Feb 18, 2026