Jenkins ACL Bypass / Metaprogramming Remote Code Execution

This Metasploit module exploits a vulnerability in Jenkins dynamic routing to bypass the Overall/Read ACL and leverage Groovy metaprogramming to download and execute a malicious JAR file. The ACL bypass gadget is specific to Jenkins versions 2.137 and below and will not work on later versions of Jenkins. Tested against Jenkins 2.137 and Pipeline: Groovy Plugin 2.61.

Link: https://packetstormsecurity.com/files/152132/jenkins_metaprogramming.rb.txt