Vulnerability — CVE-2019-1003029

CVE-2019-1003029

Reference to the description:: https://nvd.nist.gov/vuln/detail/CVE-2019-1003029
Description:: A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java, src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with Overall/Read permission to execute arbitrary code on the Jenkins master JVM.
Last updated date:: 07/02/2024

ACTIVELY EXPLOITED

Type:: exploitation
Confidence:: HIGH
Date of publishing:: 04/25/2022
Reference url to background: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Type:: exploitation
Confidence:: HIGH
Date of publishing:: 04/25/2022
Reference url to background: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Type:: exploit
Confidence:: HIGH
Date of publishing:: 05/10/2019
Reference url to background: https://github.com/orangetw/awesome-jenkins-rce-2019

Type:: exploit
Confidence:: HIGH
Date of publishing:: 02/17/2021
Reference url to background: https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/jenkins_metaprogramming.rb