{"uuid": "6bc54f8f-f7dc-4bf7-ab5d-69f99b9d6b7d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2019-10392", "type": "published-proof-of-concept", "source": "https://t.me/ExcreamOnSecurity/268", "content": "CVE-2019-10392 \u2014 Yet Another 2k19 Authenticated Remote Command Execution in Jenkins\n\nTwo weeks ago I saw on GitHub a nice repository about pentesting Jenkins. I downloaded the latest alpine LTS build from Docker Hub and I started to play with it, ending up finding an authenticated Remote Command Execution by having an user with the Job\\Configure (USE_ITEM) privilege.\n\nhttps://iwantmore.pizza/posts/cve-2019-10392.html\n#jenkins #rce #vulnerability", "creation_timestamp": "2019-09-15T10:59:50.000000Z"}