[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2019-1003000":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T20:55:29.923Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":18,"aliases":83,"duplicate_of":9,"upstream":85,"downstream":86,"duplicates":89,"related":90,"reserved_at":9,"published_at":91,"modified_at":92,"state":93,"summary":94,"references_raw":102,"kevs":156,"epss":157,"epss_history":160,"metrics":352,"affected":365},"CVE-2019-1003000","A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java that allows attackers with the ability to provide sandboxed scripts to execute arbitrary code on the Jenkins master JVM.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":9,"likelihood_of_exploit":9,"capec":17},"NVD-CWE-OTHER","Other","NVD uses this CWE ID when the weakness does not map to any existing CWE entry.","placeholder","NVD-Reserved",[],[19,28,44,56,64],{"_key":20,"name":21,"source":22,"url":23,"maturity":24,"reliability_score":25,"verified":26,"type":9,"platforms":27,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_B14DFF459A64CB52","Exploit Reference (packetstormsecurity.com)","reference","http://packetstormsecurity.com/files/152132/Jenkins-ACL-Bypass-Metaprogramming-Remote-Code-Execution.html","unknown",0.2,false,[],{"_key":29,"name":30,"source":31,"url":32,"maturity":33,"reliability_score":34,"verified":35,"type":36,"platforms":37,"requires_auth":9,"exploitdb":39,"metasploit":9},"46572","Jenkins 2.137 and Pipeline Groovy Plugin 2.61 - ACL Bypass and Metaprogramming Remote Code Execution (Metasploit)","exploit-database","https://www.exploit-db.com/exploits/46572","weaponized",0.8,true,"remote",[38],"java",{"verified":35,"type":36,"platform":38,"file":40,"codes":41},"exploits/java/remote/46572.rb",[42,43,7],"CVE-2019-1003002","CVE-2019-1003001",{"_key":45,"name":46,"source":31,"url":47,"maturity":48,"reliability_score":49,"verified":26,"type":9,"platforms":50,"requires_auth":9,"exploitdb":51,"metasploit":9},"46453","Jenkins Plugin Script Security 1.49/Declarative 1.3.4/Groovy 2.60 - Remote Code Execution","https://www.exploit-db.com/exploits/46453","poc",0.5,[38],{"verified":26,"type":52,"platform":38,"file":53,"codes":54},"webapps","exploits/java/webapps/46453.py",[7,55],"CVE-2018-1999002",{"_key":57,"name":58,"source":31,"url":59,"maturity":48,"reliability_score":34,"verified":35,"type":9,"platforms":60,"requires_auth":9,"exploitdb":61,"metasploit":9},"46427","Jenkins Plugin Script Security \u003C 1.50/Declarative \u003C 1.3.4.1/Groovy \u003C 2.61.1 - Remote Code Execution (PoC)","https://www.exploit-db.com/exploits/46427",[38],{"verified":35,"type":52,"platform":38,"file":62,"codes":63},"exploits/java/webapps/46427.txt",[42,43,7],{"_key":65,"name":66,"source":67,"url":68,"maturity":33,"reliability_score":69,"verified":35,"type":36,"platforms":70,"requires_auth":26,"exploitdb":9,"metasploit":71},"MSF_EXPLOIT_MULTI_HTTP_JENKINS_METAPROGRAMMING","Jenkins ACL Bypass and Metaprogramming RCE","metasploit","https://github.com/rapid7/metasploit-framework/blob/master/modules/exploit/multi/http/jenkins_metaprogramming.rb",1,[],{"fullname":72,"rank":73,"rank_name":74,"post_auth":26,"check":35,"notes":75},"exploit/multi/http/jenkins_metaprogramming",600,"excellent",{"Stability":76,"SideEffects":78,"Reliability":81},[77],"crash-safe",[79,80],"ioc-in-logs","artifacts-on-disk",[82],"repeatable-session",[84],"GHSA-784j-h234-m56x",[],[87],{"_key":88},"RHBA-2019:0326",[],[],"2019-01-22T14:00:00.000Z","2024-08-05T03:00:19.257Z","Modified",{"cisa_kev":26,"cisa_ransomware":26,"cisa_vendor":9,"epss_severity":95,"epss_score":96,"severity":97,"severity_score":98,"severity_version":99,"severity_source":100,"severity_vector":101,"severity_status":93},"critical",0.94443,"high",8.8,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",[103,112,120,125,129,133,137,141,146,150,153],{"url":104,"sources":105,"tags":108},"https://jenkins.io/security/advisory/2019-01-08/#SECURITY-1266",[106,100,107],"cve.org","osv_maven",[109,110,111],"X Refsource CONFIRM","Vendor Advisory","WEB",{"url":113,"sources":114,"tags":115},"https://www.exploit-db.com/exploits/46453/",[106,100],[116,117,118,119],"Exploit","X Refsource EXPLOIT DB","Third Party Advisory","VDB Entry",{"url":121,"sources":122,"tags":123},"https://access.redhat.com/errata/RHBA-2019:0326",[106,100,107],[110,124,118,111],"X Refsource REDHAT",{"url":23,"sources":126,"tags":127},[106,100,107],[128,116,118,119,111],"X Refsource MISC",{"url":130,"sources":131,"tags":132},"http://www.rapid7.com/db/modules/exploit/multi/http/jenkins_metaprogramming",[106,100,107],[128,118,111],{"url":134,"sources":135,"tags":136},"https://www.exploit-db.com/exploits/46572/",[106,100],[116,117,118,119],{"url":138,"sources":139,"tags":140},"https://access.redhat.com/errata/RHBA-2019:0327",[106,100,107],[110,124,118,111],{"url":142,"sources":143,"tags":144},"https://nvd.nist.gov/vuln/detail/CVE-2019-1003000",[107],[145],"Advisory",{"url":147,"sources":148,"tags":149},"https://github.com/jenkinsci/script-security-plugin/commit/2c5122e50742dd16492f9424992deb21cc07837c",[107],[111],{"url":47,"sources":151,"tags":152},[107],[111],{"url":32,"sources":154,"tags":155},[107],[111],[],{"date":158,"score":96,"percentile":159},"2026-06-04",0.99992,[161,165,167,169,172,174,176,178,180,182,184,186,188,190,192,196,198,201,204,206,209,211,213,215,218,220,222,224,226,228,230,232,234,236,238,240,242,244,246,248,250,252,254,256,258,261,263,266,268,270,272,274,276,278,280,282,284,286,288,290,292,294,296,298,300,302,304,306,308,310,312,314,316,318,320,322,324,326,328,330,332,334,336,338,340,342,344,346,348,350],{"date":162,"score":163,"percentile":164},"2025-11-04",0.94445,0.99991,{"date":166,"score":163,"percentile":164},"2025-11-05",{"date":168,"score":163,"percentile":164},"2025-11-06",{"date":170,"score":96,"percentile":171},"2025-11-07",0.9999,{"date":173,"score":96,"percentile":171},"2025-11-08",{"date":175,"score":96,"percentile":171},"2025-11-09",{"date":177,"score":96,"percentile":171},"2025-11-10",{"date":179,"score":96,"percentile":171},"2025-11-11",{"date":181,"score":96,"percentile":171},"2025-11-12",{"date":183,"score":96,"percentile":171},"2025-11-13",{"date":185,"score":96,"percentile":171},"2025-11-14",{"date":187,"score":96,"percentile":171},"2025-11-15",{"date":189,"score":96,"percentile":171},"2025-11-16",{"date":191,"score":96,"percentile":171},"2025-11-17",{"date":193,"score":194,"percentile":195},"2025-11-18",0.94216,0.99958,{"date":197,"score":194,"percentile":195},"2025-11-19",{"date":199,"score":194,"percentile":200},"2025-11-20",0.99957,{"date":202,"score":96,"percentile":203},"2025-11-21",0.99988,{"date":205,"score":96,"percentile":203},"2025-11-22",{"date":207,"score":96,"percentile":208},"2025-11-23",0.99989,{"date":210,"score":96,"percentile":171},"2025-11-24",{"date":212,"score":96,"percentile":171},"2025-11-25",{"date":214,"score":96,"percentile":171},"2025-11-26",{"date":216,"score":217,"percentile":208},"2025-11-27",0.94441,{"date":219,"score":217,"percentile":208},"2025-11-28",{"date":221,"score":217,"percentile":208},"2025-11-29",{"date":223,"score":217,"percentile":208},"2025-11-30",{"date":225,"score":217,"percentile":208},"2025-12-01",{"date":227,"score":217,"percentile":171},"2025-12-02",{"date":229,"score":217,"percentile":171},"2025-12-03",{"date":231,"score":217,"percentile":208},"2025-12-04",{"date":233,"score":217,"percentile":208},"2025-12-05",{"date":235,"score":217,"percentile":208},"2025-12-06",{"date":237,"score":217,"percentile":208},"2025-12-07",{"date":239,"score":217,"percentile":208},"2025-12-08",{"date":241,"score":217,"percentile":208},"2025-12-09",{"date":243,"score":217,"percentile":208},"2025-12-10",{"date":245,"score":217,"percentile":208},"2025-12-11",{"date":247,"score":217,"percentile":208},"2025-12-12",{"date":249,"score":217,"percentile":208},"2025-12-13",{"date":251,"score":217,"percentile":208},"2025-12-14",{"date":253,"score":217,"percentile":203},"2025-12-15",{"date":255,"score":217,"percentile":203},"2025-12-16",{"date":257,"score":217,"percentile":203},"2025-12-17",{"date":259,"score":217,"percentile":260},"2025-12-18",0.99986,{"date":262,"score":217,"percentile":260},"2025-12-19",{"date":264,"score":217,"percentile":265},"2025-12-20",0.99987,{"date":267,"score":217,"percentile":203},"2025-12-21",{"date":269,"score":217,"percentile":203},"2025-12-22",{"date":271,"score":217,"percentile":203},"2025-12-23",{"date":273,"score":217,"percentile":203},"2025-12-24",{"date":275,"score":217,"percentile":208},"2025-12-25",{"date":277,"score":217,"percentile":208},"2025-12-26",{"date":279,"score":217,"percentile":208},"2025-12-27",{"date":281,"score":217,"percentile":208},"2025-12-28",{"date":283,"score":217,"percentile":208},"2025-12-29",{"date":285,"score":217,"percentile":208},"2025-12-30",{"date":287,"score":217,"percentile":208},"2025-12-31",{"date":289,"score":217,"percentile":208},"2026-01-01",{"date":291,"score":217,"percentile":208},"2026-01-02",{"date":293,"score":217,"percentile":208},"2026-01-03",{"date":295,"score":217,"percentile":203},"2026-01-04",{"date":297,"score":217,"percentile":203},"2026-01-05",{"date":299,"score":217,"percentile":203},"2026-01-06",{"date":301,"score":217,"percentile":203},"2026-01-07",{"date":303,"score":217,"percentile":203},"2026-01-08",{"date":305,"score":217,"percentile":203},"2026-01-09",{"date":307,"score":217,"percentile":203},"2026-01-10",{"date":309,"score":217,"percentile":203},"2026-01-11",{"date":311,"score":217,"percentile":203},"2026-01-12",{"date":313,"score":217,"percentile":203},"2026-01-13",{"date":315,"score":217,"percentile":203},"2026-01-14",{"date":317,"score":217,"percentile":203},"2026-01-15",{"date":319,"score":217,"percentile":203},"2026-01-16",{"date":321,"score":217,"percentile":203},"2026-01-17",{"date":323,"score":217,"percentile":265},"2026-01-18",{"date":325,"score":217,"percentile":265},"2026-01-19",{"date":327,"score":217,"percentile":265},"2026-01-20",{"date":329,"score":217,"percentile":265},"2026-01-21",{"date":331,"score":217,"percentile":265},"2026-01-22",{"date":333,"score":217,"percentile":265},"2026-01-23",{"date":335,"score":217,"percentile":203},"2026-01-24",{"date":337,"score":217,"percentile":203},"2026-01-25",{"date":339,"score":217,"percentile":203},"2026-01-26",{"date":341,"score":217,"percentile":203},"2026-01-27",{"date":343,"score":217,"percentile":203},"2026-01-28",{"date":345,"score":217,"percentile":203},"2026-01-29",{"date":347,"score":217,"percentile":203},"2026-01-30",{"date":349,"score":217,"percentile":208},"2026-01-31",{"date":351,"score":217,"percentile":208},"2026-02-01",[353,363],{"source":100,"cvss_v2_0":354,"cvss_v3_0":9,"cvss_v3_1":359,"cvss_v4_0":9},{"baseScore":355,"baseSeverity":9,"vectorString":356,"impactScore":357,"exploitabilityScore":358},6.5,"AV:N/AC:L/Au:S/C:P/I:P/A:P",6.4,8,{"baseScore":98,"baseSeverity":360,"vectorString":101,"impactScore":361,"exploitabilityScore":362},"HIGH",9.8,7.2,{"source":107,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":364,"cvss_v4_0":9},{"baseScore":98,"baseSeverity":9,"vectorString":101,"impactScore":361,"exploitabilityScore":362},[366,375,384,396],{"ecosystem":9,"name":367,"vendor":368,"product":369,"cpe_part":370,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":371},"Script Security Plugin","jenkins project","script security plugin","a",[372],{"version":373,"is_range":26,"range_type":106,"version_start":373,"version_start_type":374,"version_end":373,"version_end_type":374,"fixed_in":9},"1.49 and earlier","including",{"ecosystem":9,"name":376,"vendor":377,"product":378,"cpe_part":370,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":379},"script security","jenkins","script_security",[380],{"version":381,"is_range":35,"range_type":382,"version_start":9,"version_start_type":9,"version_end":383,"version_end_type":374,"fixed_in":9},"lte1.49","cpe","1.49",{"ecosystem":385,"name":386,"vendor":387,"product":388,"cpe_part":9,"purl_type":389,"purl_namespace":387,"purl_name":388,"source":9,"versions":390},"Maven","org.jenkins-ci.plugins:script-security","org.jenkins-ci.plugins","script-security","maven",[391],{"version":392,"is_range":35,"range_type":393,"version_start":9,"version_start_type":9,"version_end":394,"version_end_type":395,"fixed_in":9},"lt1_50","ecosystem","1.50","excluding",{"ecosystem":9,"name":397,"vendor":398,"product":399,"cpe_part":370,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":400},"openshift container platform","redhat","openshift_container_platform",[401],{"version":402,"is_range":26,"range_type":382,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"3.11"]