ATTACK [PTsecurity] Jenkins sandbox bypassing RCE (CVE-2019-1003000/1/2)
Sourceptresearch/attackdetection
CreatedDecember 13, 2021
UpdatedDecember 13, 2021
Classificationattempted-admin
alert http any any -> any any (msg:"ATTACK [PTsecurity] Jenkins sandbox bypassing RCE (CVE-2019-1003000/1/2)"; flow:established, to_server; content:"POST"; http_method; nocase; content:"/job/"; http_uri; depth:5; content:"/config.xml"; http_uri; content:"script"; http_client_body; pcre:"/<\s*script\s*>.*?@(Grab|ASTTest)/Ps"; reference:url, github.com/adamyordan/cve-2019-1003000-jenkins-rce-poc; reference:cve, 2019-1003000; reference:cve, 2019-1003001; reference:cve, 2019-1003002; reference:url, github.com/ptresearch/AttackDetection; classtype:attempted-admin; sid:10004529; rev:1;)
References
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!