{"vulnerability": "CVE-2018-1000861", "sightings": [{"uuid": "f6acac14-0323-45ad-9c73-d24fc0b55854", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000861", "type": "seen", "source": "MISP/5ccf3134-ea64-43c1-a356-f9f3950d210f", "content": "", "creation_timestamp": "2019-05-13T08:12:02.000000Z"}, {"uuid": "405269f3-8655-49ac-a603-087d492e3eb1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000861", "type": "seen", "source": "MISP/5d8090e3-60f4-466c-95fb-25640a3b4631", "content": "", "creation_timestamp": "2019-09-17T07:57:53.000000Z"}, {"uuid": "62b3af15-44ae-48df-a4b9-65f13dd7cbc0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000861", "type": "seen", "source": "MISP/5dad8c03-98b4-405a-a52d-30090a3b4631", "content": "", "creation_timestamp": "2019-10-21T10:44:41.000000Z"}, {"uuid": "9350a064-aa3a-4cbe-a9a8-ccde2b1e47b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000861", "type": "seen", "source": "MISP/d242633d-9d52-4527-ac05-95ce6550cfae", "content": "", "creation_timestamp": "2020-10-09T14:44:05.000000Z"}, {"uuid": "f635d0c4-3695-4afa-828b-f31630377db4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000861", "type": "seen", "source": "MISP/b60ecd6e-648d-4bc4-a6ad-3527a2216be1", "content": "", "creation_timestamp": "2020-10-09T13:26:55.000000Z"}, {"uuid": "9acc743d-98b1-4955-bb6c-9a8dd25c42f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000861", "type": "seen", "source": "MISP/b909d469-014d-4c2b-a989-4618f5a3a92b", "content": "", "creation_timestamp": "2020-10-16T03:00:22.000000Z"}, {"uuid": "9aa19fd9-5c1c-4728-b6f1-62317ca114ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000861", "type": "seen", "source": "MISP/e6fe42d5-2d65-4430-a1f1-dc057b94d89e", "content": "", "creation_timestamp": "2020-10-09T13:23:54.000000Z"}, {"uuid": "23d94d1e-040a-4bf9-a7b4-b34ef761cac0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000861", "type": "seen", "source": "MISP/3897e904-72b7-4620-b536-ae0a0a8546b1", "content": "", "creation_timestamp": "2020-10-09T14:34:07.000000Z"}, {"uuid": "810579b7-4392-43fa-af57-e11ef7666760", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000861", "type": "seen", "source": "MISP/e1d58ad8-7800-491b-a63b-a03d081914d4", "content": "", "creation_timestamp": "2020-06-25T12:24:13.000000Z"}, {"uuid": "4cb1b3d8-c933-4afa-85bb-1bf77bc843fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000861", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2023-06-14T21:10:03.000000Z"}, {"uuid": "ebeedfaa-47aa-4c6b-a924-f46c38d5ceb9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000861", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2971249", "content": "", "creation_timestamp": "2024-12-24T20:26:29.774301Z"}, {"uuid": "c841dd07-f958-4457-a9b7-304b0a1901a7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000861", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-04-04)", "content": "", "creation_timestamp": "2025-04-04T00:00:00.000000Z"}, {"uuid": "9442cd56-1e6f-4b94-a6d1-089c3bf7d052", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000861", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:10:18.000000Z"}, {"uuid": "8bcf78c3-8602-4a8e-b951-836c23ec1ad0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000861", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-03-28)", "content": "", "creation_timestamp": "2025-03-28T00:00:00.000000Z"}, {"uuid": "cdac3290-e1cc-4b67-9f4e-2923a7b84325", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000861", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-04-02)", "content": "", "creation_timestamp": "2025-04-02T00:00:00.000000Z"}, {"uuid": "03147a4b-29b5-488b-9937-c08f7a414e12", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000861", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-05-07)", "content": "", "creation_timestamp": "2025-05-07T00:00:00.000000Z"}, {"uuid": "0f7c1655-a2d5-4fa4-ae67-d1ea394bc58a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000861", "type": "seen", "source": "MISP/d17bd6ef-d68b-317b-ac33-cdbc44c5fc57", "content": "", "creation_timestamp": "2025-08-31T03:13:16.000000Z"}, {"uuid": "de03e934-6508-4661-9755-7d5b46632ffa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000861", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-05-07)", "content": "", "creation_timestamp": "2025-05-07T00:00:00.000000Z"}, {"uuid": "cf560181-a746-4706-b92a-09a8ba6aa89c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000861", "type": "seen", "source": "https://gist.github.com/Devball406/7c3257f2034c725588426e563837ad80", "content": "", "creation_timestamp": "2025-05-12T15:51:09.000000Z"}, {"uuid": "95d1cc5a-842e-4e24-b44e-79b5b40b66eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000861", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/jenkins_metaprogramming.rb", "content": "", "creation_timestamp": "2019-03-18T12:37:31.000000Z"}, {"uuid": "5c0d8c67-0c61-4d49-9a15-151c24606223", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000861", "type": "seen", "source": "https://t.me/arpsyndicate/1759", "content": "#ExploitObserverAlert\n\nCVE-2018-1000861\n\nDESCRIPTION: Exploit Observer has 66 entries related to CVE-2018-1000861. A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that allows attackers to invoke some methods on Java objects by accessing crafted URLs that were not intended to be invoked this way.\n\nFIRST-EPSS: 0.971120000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2023-12-11T14:50:54.000000Z"}, {"uuid": "942d741b-f80d-4af2-b741-90af0e6a6bc0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2018-1000861", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/812e1ff5-1449-4378-bbc3-65ad133150d5", "content": "", "creation_timestamp": "2026-02-02T12:28:24.075639Z"}, {"uuid": "8c6bdaef-9022-48eb-a133-0100f47cd341", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000861", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-04-07)", "content": "", "creation_timestamp": "2026-04-07T00:00:00.000000Z"}, {"uuid": "438b8c58-59eb-42cb-a1ea-eac604dd3536", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000861", "type": "published-proof-of-concept", "source": "https://t.me/poxek/2140", "content": "awesome jenkins rce 2019\nThere is no pre-auth RCE in Jenkins since May 2017, but this is the one!\nIt chains CVE-2018-1000861, CVE-2019-1003005 and CVE-2019-1003029 to a more reliable and elegant pre-auth remote code execution!\nhttps://github.com/orangetw/awesome-jenkins-rce-2019\n\n\u0414\u043d\u0435\u0432\u043d\u0438\u043a \u0411\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u0438\u043a\u0430 \ud83d\udee1\ufe0f", "creation_timestamp": "2022-07-31T07:01:12.000000Z"}, {"uuid": "55697ed1-00d1-4689-a98f-9a40558e52a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000861", "type": "published-proof-of-concept", "source": "https://t.me/netrunnerz/438", "content": "Jenkins RCE 2019\nCVE-2018-1000861\nCVE-2019-1003005\nCVE-2019-1003029\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435:\n$ curl -s -I http://jenkins/| grep X-Jenkins\nX-Jenkins: 2.137\nX-Jenkins-Session: 20f72c2e\nX-Jenkins-CLI-Port: 50000\nX-Jenkins-CLI2-Port: 50000\n\n$ python exp.py http://jenkins/ 'curl orange.tw'\n[*] ANONYMOUS_READ disable!\n[*] Bypass with CVE-2018-1000861!\n[*] Exploit success!(it should be :P)\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u044b\u0435 \u0432\u0435\u0440\u0441\u0438\u0438:\nJenkins 2.53\nJenkins 2.122\nJenkins 2.137\nJenkins 2.138 with ANONYMOUS_READ enable\nJenkins 2.152 with ANONYMOUS_READ enable\nJenkins 2.153 with ANONYMOUS_READ enable\nScript Security Plugin 1.43\nScript Security Plugin 1.48", "creation_timestamp": "2023-04-06T10:40:22.000000Z"}, {"uuid": "6e2bc056-9754-4692-8d94-157720f0f3a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000861", "type": "exploited", "source": "https://t.me/SecLabNews/5845", "content": "\u041a\u0440\u0438\u043f\u0442\u043e\u043c\u0430\u0439\u043d\u0438\u043d\u0433\u043e\u0432\u044b\u0439 \u0431\u043e\u0442\u043d\u0435\u0442 WatchBog \u0437\u0430\u0434\u0435\u0439\u0441\u0442\u0432\u0443\u0435\u0442 web-\u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0435 Pastebin \u0434\u043b\u044f C&C-\u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0439. \u0414\u0430\u043d\u043d\u044b\u0439 \u0431\u043e\u0442\u043d\u0435\u0442 \u0435\u0449\u0435 \u0441 2018 \u0433\u043e\u0434\u0430 \u0441\u043e\u0441\u0440\u0435\u0434\u043e\u0442\u043e\u0447\u0435\u043d \u043d\u0430 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0438 Linux-\u0441\u0438\u0441\u0442\u0435\u043c \u0434\u043b\u044f \u043c\u0430\u0439\u043d\u0438\u043d\u0433\u0430 \u043a\u0440\u0438\u043f\u0442\u043e\u0432\u0430\u043b\u044e\u0442\u044b Monero, \u043e\u0434\u043d\u0430\u043a\u043e \u0432 \u0438\u044e\u043b\u0435 \u043d\u044b\u043d\u0435\u0448\u043d\u0435\u0433\u043e \u0433\u043e\u0434\u0430 \u0432\u043e \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0435 \u041f\u041e \u0431\u044b\u043b \u0434\u043e\u0431\u0430\u0432\u043b\u0435\u043d \u043a\u043e\u0434 \u0434\u043b\u044f \u0441\u043a\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u043d\u0430 \u043f\u0440\u0435\u0434\u043c\u0435\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 BlueKeep \u0432 Windows. \u0411\u043e\u0442\u043d\u0435\u0442 \u0432 \u043e\u0441\u043d\u043e\u0432\u043d\u043e\u043c \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u0442 \u0442\u0430\u043a\u0438\u0435 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u043a\u0430\u043a CVE-2018-1000861 (\u0432 Jenkins), CVE-2019-11581 (Jira), CVE-2019-10149 (Exim) \u0438 CVE-2019-0192 (Sol).    \n\u041a\u0440\u0438\u043f\u0442\u043e\u043c\u0430\u0439\u043d\u0438\u043d\u0433\u043e\u0432\u044b\u0439 \u0431\u043e\u0442\u043d\u0435\u0442 WatchBog \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442 Pastebin \u043a\u0430\u043a C&C-\u0441\u0435\u0440\u0432\u0435\u0440", "creation_timestamp": "2019-09-13T14:05:15.000000Z"}, {"uuid": "a07b89cf-6799-4a74-9e40-c21b8a4ff5c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000861", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-05-05)", "content": "", "creation_timestamp": "2026-05-05T00:00:00.000000Z"}, {"uuid": "1bec090b-e34e-41f6-a6ff-ac569cbe148a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000861", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-05-01)", "content": "", "creation_timestamp": "2026-05-01T00:00:00.000000Z"}, {"uuid": "e7fdec80-8388-47a6-9b73-92690649bde9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1000861", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-05-03)", "content": "", "creation_timestamp": "2026-05-03T00:00:00.000000Z"}]}