Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2019-1003002 — Static Code Injection in Jenkins Pipeline

CWE-96 — Static Code Injection10 documents9 sources

Severity

8.8HIGHNVD

EPSS

93.5%

top 0.18%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Jenkins Pipeline Jenkins Project Pipeline Declarative Plugin Redhat Openshift Container Platform

Timeline

PublishedJan 22

Latest updateMay 13

Description

A sandbox bypass vulnerability exists in Pipeline: Declarative Plugin 1.3.3 and earlier in pipeline-model-definition/src/main/groovy/org/jenkinsci/plugins/pipeline/modeldefinition/parser/Converter.groovy that allows attackers with Overall/Read permission to provide a pipeline script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5jenkins_project/pipeline_declarative_plugin1.3.3 and earlier

▶NVDjenkins/pipeline1.3.3

Also affects: Openshift Container Platform 3.11

🔴Vulnerability Details

GHSA

Jenkins Pipeline Declarative Plugin sandbox bypass vulnerability↗2022-05-13

▶

OSV

Jenkins Pipeline Declarative Plugin sandbox bypass vulnerability↗2022-05-13

▶

CVEList

CVE-2019-1003002: A sandbox bypass vulnerability exists in Pipeline: Declarative Plugin 1↗2019-01-22

▶

💥Exploits & PoCs

Exploit-DB

Jenkins 2.137 and Pipeline Groovy Plugin 2.61 - ACL Bypass and Metaprogramming Remote Code Execution (Metasploit)↗2019-03-19

▶

Exploit-DB

Jenkins Plugin Script Security < 1.50/Declarative < 1.3.4.1/Groovy < 2.61.1 - Remote Code Execution (PoC)↗2019-02-19

▶

Metasploit

Jenkins ACL Bypass and Metaprogramming RCE↗

▶

📋Vendor Advisories

Jenkins

Jenkins Security Advisory 2019-01-08↗2019-01-08

▶

Red Hat

jenkins-plugin-pipeline-model-definition: Sandbox Bypass in Pipeline: Declarative↗2019-01-08

▶

💬Community

Bugzilla

CVE-2019-1003002 jenkins-plugin-pipeline-model-definition: Sandbox Bypass in Pipeline: Declarative↗2019-01-25

▶