Jenkins exploits

  1. Deserialization RCE in old Jenkins (CVE-2015-8103, Jenkins 1.638 and older)

  2. Authentication/ACL bypass (CVE-2018-1000861, Jenkins <2.150.1)

  3. Metaprogramming RCE in Jenkins Plugins (CVE-2019-1003000, CVE-2019-1003001, CVE-2019-1003002)

  4. CheckScript RCE in Jenkins (CVE-2019-1003029, CVE-2019-1003030)

  5. Git plugin (<3.12.0) RCE in Jenkins (CVE-2019-10392)

  6. Dumping builds to find cleartext secrets

  7. Password spraying

  8. Decrypt Jenkins secrets offline

Additional Reading
