Is CVE-2019-1003001 known to be exploited?

21 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Jenkins Project Pipeline: Groovy Plugin

CVE-2019-1003001

A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.61 and earlier in src/main/java/org/jenkinsci/plugins/workflow/cps/CpsFlowDefinition.java, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShellFactory.java that…

EPSS: 0.939 (99.9th percentile) — read the EPSS interpretation.

Affected products

Jenkins Project Pipeline: Groovy Plugin — versions 2.61 and earlier

Public proof-of-concept exploits

References

jenkins.io/security/advisory/2019-01-08/ (x_refsource_CONFIRM)
RHBA-2019:0326 (vendor-advisory, x_refsource_REDHAT)
packetstormsecurity.com/files/152132/Jenkins-ACL-Bypass-Metaprogramming-Remote-… (x_refsource_MISC)
www.rapid7.com/db/modules/exploit/multi/http/jenkins_metaprogramming (x_refsource_MISC)
46572 (exploit, x_refsource_EXPLOIT-DB)
RHBA-2019:0327 (vendor-advisory, x_refsource_REDHAT)

Frequently asked questions

What is CVE-2019-1003001?: CVE-2019-1003001 is a vulnerability in Jenkins Project Pipeline: Groovy Plugin. Published 2019-01-22.
Is CVE-2019-1003001 known to be exploited?: 21 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.