CVE-2019-1003000 - Jenkins Sandbox Bypass Vulnerability

[princechaddha]

Is there an existing template for this?

• [x] I have searched the existing templates.

Template requests

Description: A sandbox bypass vulnerability exists in the Jenkins Script Security Plugin (versions 1.49 and earlier) within src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java. This flaw allows attackers with permission to submit sandboxed scripts to execute arbitrary code on the Jenkins master JVM, potentially compromising the entire Jenkins environment.

Severity: High (CVSS: 8.8) CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

POC:

• https://github.com/slowmistio/CVE-2019-1003000-and-CVE-2018-1999002-Pre-Auth-RCE-Jenkins
• https://github.com/1NTheKut/CVE-2019-1003000_RCE-DETECTION
• https://github.com/wetw0rk/Exploit-Development
• https://github.com/purple-WL/Jenkins_CVE-2019-1003000
• https://github.com/adamyordan/cve-2019-1003000-jenkins-rce-poc

References:

• Jenkins Advisory
• Rapid7 Module
• Exploit DB - 46453
• Exploit DB - 46572

Shodan Query: No available Shodan query.

CPE:

• cpe:2.3:a:jenkins:script_security::::::jenkins::*
• cpe:2.3:a:redhat:openshift_container_platform:3.11:::::::*

Anything else?

No response

[princechaddha]

/bounty $100

[algora-pbc[bot]]

💎 $100 bounty • ProjectDiscovery Bounty Available for CVE Template Contribution

Steps to Contribute:

• Claim attempt: Comment /attempt #10892 on this issue to claim attempt.
• Write the Template: Create a high-quality Nuclei template for the specified CVE, following our Contribution Guidelines and Acceptance Criteria.
• Submit the Template: Open a pull request (PR) to projectdiscovery/nuclei-templates and include /claim #10892 in the PR body to claim the bounty.
• Receive Payment: Upon successful merge of your PR, you will receive 100% of the bounty through Algora.io within 2-5 days. Ensure you are eligible for payouts.

Thank you for contributing to projectdiscovery/nuclei-templates and helping us democratize security!

Acceptance Criteria: The template must include a complete POC and should not rely solely on version-based detection. Contributors are required to provide debug data(-debug) along with the template to help the triage team with validation. Rewards will only be given once the template is fully validated by the team. Templates that are incomplete or invalid will not be accepted. You can check the FAQ for the Nuclei Templates Community Rewards Program here.

Add a bounty • Share on socials

Attempt	Started (GMT+0)	Solution
🔴 @mobley-trent	Oct 16, 2024, 9:01:30 AM	WIP
🔴 @daffainfo	Oct 23, 2024, 12:58:03 PM	WIP
🟢 @sttlr	Oct 24, 2024, 11:59:08 AM	#11095

[mobley-trent]

/attempt #10892

Algora profile	Completed bounties	Tech	Active attempts	Options
@mobley-trent	10 bounties from 5 projects	Python, Rust, Jupyter Notebook		Cancel attempt

[algora-pbc[bot]]

@mobley-trent: Reminder that in 4 days the bounty will become up for grabs, so please submit a pull request before then 🙏

[daffainfo]

/attempt #10892

Options

• Cancel my attempt

[algora-pbc[bot]]

[!NOTE] The user @mobley-trent is already attempting to complete issue #10892 and claim the bounty. We recommend checking in on @mobley-trent's progress, and potentially collaborating, before starting a new solution.

[algora-pbc[bot]]

The bounty is up for grabs! Everyone is welcome to /attempt #10892 🙌

[sttlr]

/attempt #10892

Algora profile	Completed bounties	Tech	Active attempts	Options
@sttlr	1 projectdiscovery bounty	JavaScript, Shell, Go & more		Cancel attempt

[algora-pbc[bot]]

💡 @sttlr submitted a pull request that claims the bounty. You can visit your bounty board to reward.