Is CVE-2019-1003005 known to be exploited?

25 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Jenkins Project Script Security Plugin

CVE-2019-1003005

A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.50 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with Overall/Read permission to pro…

EPSS: 0.742 (98.9th percentile) — read the EPSS interpretation.

Affected products

Jenkins Project Script Security Plugin — versions 1.50 and earlier

Public proof-of-concept exploits

References

jenkins.io/security/advisory/2019-01-28/ (x_refsource_CONFIRM)
RHSA-2019:0739 (vendor-advisory, x_refsource_REDHAT)
packetstormsecurity.com/files/166778/Jenkins-Remote-Code-Execution.html (x_refsource_MISC)

Frequently asked questions

What is CVE-2019-1003005?: CVE-2019-1003005 is a vulnerability in Jenkins Project Script Security Plugin. Published 2019-02-06.
Is CVE-2019-1003005 known to be exploited?: 25 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.