参考:
https://www.jenkins.io/security/advisory/2019-01-08/
https://github.com/adamyordan/cve-2019-1003000-jenkins-rce-poc
https://www.exploit-db.com/exploits/46453
https://blog.51cto.com/13770310/2352740
https://cloud.tencent.com/developer/article/1512575
漏洞描述:
A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java that allows attackers with the ability to provide sandboxed scripts to execute arbitrary code on the Jenkins master JVM.
参考:
https://nvd.nist.gov/vuln/detail/CVE-2019-1003000