This exploit demonstrates a CSRF vulnerability and command execution in Jenkins via the script console. The CSRF payload manipulates credential-store endpoints, while the Groovy script reads and modifies a system file (Services.msc).
Classification
Working PoC 90%
Attack Type
RCE
Complexity
Moderate
Reliability
Reliable
Target: Jenkins 1.578
No auth needed
Prerequisites: Access to Jenkins script console · CSRF attack vector (e.g., tricking an admin into submitting the form)