Is CVE-2019-1003002 known to be exploited?

21 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Jenkins Project Pipeline: Declarative Plugin

CVE-2019-1003002

A sandbox bypass vulnerability exists in Pipeline: Declarative Plugin 1.3.3 and earlier in pipeline-model-definition/src/main/groovy/org/jenkinsci/plugins/pipeline/modeldefinition/parser/Converter.groovy that allows attackers with Overall/…

EPSS: 0.935 (99.8th percentile) — read the EPSS interpretation.

Affected products

Jenkins Project Pipeline: Declarative Plugin — versions 1.3.3 and earlier

Public proof-of-concept exploits

References

jenkins.io/security/advisory/2019-01-08/ (x_refsource_CONFIRM)
RHBA-2019:0326 (vendor-advisory, x_refsource_REDHAT)
packetstormsecurity.com/files/152132/Jenkins-ACL-Bypass-Metaprogramming-Remote-… (x_refsource_MISC)
www.rapid7.com/db/modules/exploit/multi/http/jenkins_metaprogramming (x_refsource_MISC)
46572 (exploit, x_refsource_EXPLOIT-DB)
RHBA-2019:0327 (vendor-advisory, x_refsource_REDHAT)

Frequently asked questions

What is CVE-2019-1003002?: CVE-2019-1003002 is a vulnerability in Jenkins Project Pipeline: Declarative Plugin. Published 2019-01-22.
Is CVE-2019-1003002 known to be exploited?: 21 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.