Exploit for #VU16575 Improper input validation in Jenkins

Exploit for #VU16575 Improper input validation in Jenkins

Published: 2020-03-18 | Updated: 2023-09-13

Vulnerability identifier: #VU16575

Vulnerability risk: High

CVSSv3.1: 9.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2018-1000861

CWE-ID: CWE-20

Exploitation vector: Network

Exploits in database: 3

September 13, 2023
- CVE-2018-1000861 (CVE-2018-1000861 Exploit) [Github]
April 7, 2020
- cve-2019-1003000-jenkins-rce-poc (Jenkins RCE Proof-of-Concept: SECURITY-1266 / CVE-2019-1003000 (Script Security), CVE-2019-1003001 (Pipeline: Groovy), CVE-2019-1003002 (Pipeline: Declarative)) [Github]
March 18, 2020
- Jenkins ACL Bypass and Metaprogramming RCE [Metasploit]

Impact: Code execution

Vulnerable software:
Jenkins
Server applications / Application servers

Vendor: Jenkins