VDB

GCVE-110-OSM-2020-2

GCVE-110-OSM-2020-2
Advisory PublishedCVSS 9.6/10
Vulnetix · Advisory published December 27, 2020
Brandjacking attack impersonating Jenkins Mail Watcher Plugin. Contains backdoor targeting Jenkins build servers, enabling remote code execution via Groovy script injection. Backdoor in send() method of MailWatcherNotification.class. Downloads and evaluates arbitrary Groovy scripts from hardcoded C2 server on every mail notification event. Enables persistent access to Jenkins build infrastructure. Published as both JAR and HPI packages. SHA1 v1.16: a52a4d23429861a16cfa621945096b14b60746f6, SHA1 v1.17: 08e7183a431683c3d516e7687552055326b03948

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
unknownmail-watcher-plugin

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›