CVE-2019-1003002
PUBLISHED
CVSS 8.8 HIGH
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
EPSS 93.45% · 99.8th percentile
Risk Scores
CVSS 3.1
8.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
93.45%
99.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Maven | org.jenkinsci.plugins:pipeline-model-parent | 0, 0, 0 |
| Jenkins project | Pipeline: Declarative Plugin | 1.3.3 and earlier, *, 1.3.3 and earlier |
| Maven | org.jenkinsci.plugins:pipeline-model-definition | 0, 0, 0 |
Exploit Intelligence
- http://packetstormsecurity.com/files/152132/Jenkins-ACL-Bypass-Metaprogramming-Remote-Code-Execution.html (nist-nvd)
- https://www.exploit-db.com/exploits/46572/ (nist-nvd)
- 2164.html (github-poc)
Timeline
- Jan 22, 2019 CVE Published
- Apr 14, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Sep 16, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Jul 1, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Dec 31, 2022 EPSS Score
- Jan 1, 2023 EPSS Score
- Jan 3, 2023 EPSS Score
References
- https://jenkins.io/security/advisory/2019-01-08/#SECURITY-1266 url
- RHBA-2019:0326 vendor-advisory
- http://packetstormsecurity.com/files/152132/Jenkins-ACL-Bypass-Metaprogramming-Remote-Code-Execution.html url
- http://www.rapid7.com/db/modules/exploit/multi/http/jenkins_metaprogramming url
- 46572 exploit
- RHBA-2019:0327 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2019-1003002 advisory
- https://github.com/jenkinsci/pipeline-model-definition-plugin/commit/083abd96e68fd89f556a0cd53db5f878dbf09b92 patch
- https://github.com/advisories/GHSA-x6jx-cxg3-mggh advisory