vpatch-CVE-2018-1000861 AppSec Rule

« vpatch-CVE-2018-1000861 »
v0.1 by crowdsecurity
AppSec rule

Jenkins - RCE (CVE-2018-1000861)

Installation

cscli appsec-rules install crowdsecurity/vpatch-CVE-2018-1000861

YAML Configuration

1name: crowdsecurity/vpatch-CVE-2018-1000861
2description: "Jenkins - RCE (CVE-2018-1000861)"
3rules:
4  - and:
5    - zones:
6      - URI
7      transform:
8      - lowercase
9      match:
10        type: endsWith
11        value: descriptorByName/org.jenkinsci.plugins.workflow.cps.CpsFlowDefinition/checkScriptCompile
12  - and:
13    - zones:
14      - URI
15      transform:
16      - lowercase
17      match:
18        type: endsWith
19        value: securityRealm/user/admin
20labels:
21  type: exploit
22  service: http
23  confidence: 3
24  spoofable: 0
25  behavior: "http:exploit"
26  label: "Jenkins - RCE"
27  references:
28    - https://www.youtube.com/watch?v=abuH-j-6-s0&t=7s
29    - https://devco.re/blog/2019/02/19/hacking-Jenkins-part2-abusing-meta-programming-for-unauthenticated-RCE/
30  classification:
31   - cve.CVE-2018-1000861
32   - attack.T1595
33   - attack.T1190
34   - cwe.CWE-502

Hub Appsec rule

« vpatch-CVE-2018-1000861 »v0.1 by crowdsecurityAppSec rule

« vpatch-CVE-2018-1000861 »
v0.1 by crowdsecurity
AppSec rule