{"vulnerability": "CVE-2019-1039", "sightings": [{"uuid": "6bc54f8f-f7dc-4bf7-ab5d-69f99b9d6b7d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-10392", "type": "published-proof-of-concept", "source": "https://t.me/ExcreamOnSecurity/268", "content": "CVE-2019-10392 \u2014 Yet Another 2k19 Authenticated Remote Command Execution in Jenkins\n\nTwo weeks ago I saw on GitHub a nice repository about pentesting Jenkins. I downloaded the latest alpine LTS build from Docker Hub and I started to play with it, ending up finding an authenticated Remote Command Execution by having an user with the Job\\Configure (USE_ITEM) privilege.\n\nhttps://iwantmore.pizza/posts/cve-2019-10392.html\n#jenkins #rce #vulnerability", "creation_timestamp": "2019-09-15T10:59:50.000000Z"}, {"uuid": "84a2ad64-e84c-40fc-ad1d-ecf9f0c9e4a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-10392", "type": "published-proof-of-concept", "source": "https://t.me/tech_b0lt_Genona/1006", "content": "Jenkins \u0441\u043d\u043e\u0432\u0430 \u0440\u0430\u0434\u0443\u0435\u0442 RCE\n\nhttps://iwantmore.pizza/posts/cve-2019-10392.html\nhttps://iwantmore.pizza/assets/images/poc.png\nhttps://jenkins.io/security/advisory/2019-09-12/\n\n#jenkins #security", "creation_timestamp": "2019-09-18T11:31:54.000000Z"}, {"uuid": "e3eac975-bcc4-4f06-91b7-6b71d351cb53", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-10392", "type": "seen", "source": "https://t.me/arpsyndicate/255", "content": "#ExploitObserverAlert\n\nCVE-2019-10392\n\nDESCRIPTION: Exploit Observer has 13 entries related to CVE-2019-10392. Jenkins Git Client Plugin 2.8.4 and earlier and 3.0.0-rc did not properly restrict values passed as URL argument to an invocation of 'git ls-remote', resulting in OS command injection.\n\nFIRST-EPSS: 0.947360000\nNVD-IS: 5.9\nNVD-ES: 2.8", "creation_timestamp": "2023-11-17T10:16:20.000000Z"}, {"uuid": "62d97950-fbb4-4260-83f9-42c18717dc06", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-10392", "type": "seen", "source": "https://t.me/arpsyndicate/1770", "content": "#ExploitObserverAlert\n\nCVE-2019-10392\n\nDESCRIPTION: Exploit Observer has 14 entries related to CVE-2019-10392. Jenkins Git Client Plugin 2.8.4 and earlier and 3.0.0-rc did not properly restrict values passed as URL argument to an invocation of 'git ls-remote', resulting in OS command injection.\n\nFIRST-EPSS: 0.947360000\nNVD-IS: 5.9\nNVD-ES: 2.8", "creation_timestamp": "2023-12-11T15:44:31.000000Z"}]}