影响版本
Pipeline: Declarative Plugin up to and including 1.3.4
Pipeline: Groovy Plugin up to and including 2.61
Script Security Plugin up to and including 1.49
环境搭建
复现漏洞CVE-2019-1003000 (Script Security)
测试环境需要安装docker
git clone https://github.com/adamyordan/cve-2019-1003000-jenkins-rce-poc.git
cd cve-2019-1003000-jenkins-rce-poc
pip install -r requirements.txt
cd sample-vuln
./run.sh
http://127.0.0.1:8080/打开网站