CVE-2019-1003000 – Jenkins 2.137 and Pipeline Groovy Plugin 2.61 - ACL Bypass and Metaprogramming Remote Code Execution
https://notcve.org/view.php?id=CVE-2019-1003000
A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java that allows attackers with the ability to provide sandboxed scripts to execute arbitrary code on the Jenkins master JVM. Jenkins plugins Script Security version 1.49, Declarative version 1.3.4, and Groovy version 2.60 suffer from a code execution vulnerability.
• https://www.exploit-db.com/exploits/46572 https://www.exploit-db.com/exploits/46453 https://www.exploit-db.com/exploits/46427 https://github.com/slowmistio/CVE-2019-1003000-and-CVE-2018-1999002-Pre-Auth-RCE-Jenkins http://packetstormsecurity.com/files/152132/Jenkins-ACL-Bypass-Metaprogramming-Remote-Code-Execution.html http://www.rapid7.com/db/modules/exploit/multi/http/jenkins_metaprogramming https://access.redhat.com/errata/RHBA-2019:0326 https://access.redhat.com/errata/RHBA-2019:0327 ht •
CVE-2019-1003001 – Jenkins 2.137 and Pipeline Groovy Plugin 2.61 - ACL Bypass and Metaprogramming Remote Code Execution
https://notcve.org/view.php?id=CVE-2019-1003001
A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.61 and earlier in src/main/java/org/jenkinsci/plugins/workflow/cps/CpsFlowDefinition.java, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShellFactory.java that allows attackers with Overall/Read permission to provide a pipeline script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM.
• https://www.exploit-db.com/exploits/46572 https://www.exploit-db.com/exploits/46427 http://packetstormsecurity.com/files/152132/Jenkins-ACL-Bypass-Metaprogramming-Remote-Code-Execution.html http://www.rapid7.com/db/modules/exploit/multi/http/jenkins_metaprogramming https://access.redhat.com/errata/RHBA-2019:0326 https://access.redhat.com/errata/RHBA-2019:0327 https://jenkins.io/security/advisory/2019-01-08/#SECURITY-1266 https://jenkins.io/security/advisory/2019-01-08 https://blog. •
CVE-2019-1003002 – Jenkins 2.137 and Pipeline Groovy Plugin 2.61 - ACL Bypass and Metaprogramming Remote Code Execution
https://notcve.org/view.php?id=CVE-2019-1003002
A sandbox bypass vulnerability exists in Pipeline: Declarative Plugin 1.3.3 and earlier in pipeline-model-definition/src/main/groovy/org/jenkinsci/plugins/pipeline/modeldefinition/parser/Converter.groovy that allows attackers with Overall/Read permission to provide a pipeline script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM.
• https://www.exploit-db.com/exploits/46572 https://www.exploit-db.com/exploits/46427 http://packetstormsecurity.com/files/152132/Jenkins-ACL-Bypass-Metaprogramming-Remote-Code-Execution.html http://www.rapid7.com/db/modules/exploit/multi/http/jenkins_metaprogramming https://access.redhat.com/errata/RHBA-2019:0326 https://access.redhat.com/errata/RHBA-2019:0327 https://jenkins.io/security/advisory/2019-01-08/#SECURITY-1266 https://jenkins.io/security/advisory/2019-01-08 https://blog. •
CVE-2019-1003004
https://notcve.org/view.php?id=CVE-2019-1003004
An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/AuthenticationProcessingFilter2.java that allows attackers to extend the duration of active HTTP sessions indefinitely even though the user account may have been deleted in the meantime.
• http://www.securityfocus.com/bid/106680 https://access.redhat.com/errata/RHBA-2019:0327 https://jenkins.io/security/advisory/2019-01-16/#SECURITY-901 •
CVE-2019-0542 – xterm.js: Mishandling of special characters allows for remote code execution
https://notcve.org/view.php?id=CVE-2019-0542
A remote code execution vulnerability exists in Xterm.js when the component mishandles special characters, aka "Xterm Remote Code Execution Vulnerability." This affects xterm.js. It was found that xterm.js does not sanitize terminal escape sequences in browser terminals, allowing for execution of arbitrary commands. An attacker could exploit this by convincing a user with an xterm.js browser terminal to display an escape sequence by, for example, reading from a log file containing attacker-controlled input.
• http://www.securityfocus.com/bid/106434 https://access.redhat.com/errata/RHBA-2019:0959 https://access.redhat.com/errata/RHSA-2019:1422 https://access.redhat.com/errata/RHSA-2019:2551 https://access.redhat.com/errata/RHSA-2019:2552 https://github.com/xtermjs/xterm.js/releases https://access.redhat.com/security/cve/CVE-2019-0542 https://bugzilla.redhat.com/show_bug.cgi?id=1668531
• CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •