Incorrect CVE References in Jenkins Exploit Signatures

paolo.ahn · August 28, 2025, 1:29am

I found incorrect CVE references in the Jenkins exploit rules of emerging-all.rules

SID 2060509: References should be CVE-2018-1000861 and CVE-2019-1003000, not 2018-100086 / 2019-100300.
SID 2027350 / 2027349: Metadata currently lists only CVE_2018_100086, but it should reflect the chained exploits: CVE_2018_1000861_CVE_2019_1003000.
SID 2027346: Metadata currently lists CVE_2019_100300, but it should be CVE_2019_1003000.

These should be updated to the correct CVE numbers to match NVD and avoid confusion.

Best regards,
Paolo Ahn

Issues Summary Table

SID	Field	Current Value	Correct Value	Issue/Reason
2060509	`reference:cve`①	`2018-100086`	`2018-1000861`	Missing last digit “1”
2060509	`reference:cve`②	`2019-100300`	`2019-1003000`	Missing last digit “0”
2060509	`metadata:cve`	`CVE_2018_100086_CVE_2019_100300`	`CVE_2018_1000861_CVE_2019_1003000`	Both CVE IDs truncated
2027350	`metadata:cve`	`CVE_2018_100086`	`CVE_2018_1000861_CVE_2019_1003000`	Chained exploit rule, but only one CVE listed and truncated
2027349	`metadata:cve`	`CVE_2018_100086`	`CVE_2018_1000861_CVE_2019_1003000`	Same issue as above
2027346	`metadata:cve`	`CVE_2019_100300`	`CVE_2019_1003000`	Missing last digit “0”

Topic		Replies	Views
Mislabelled CVE in Emerging Threats Rule sid:2063646 Feedback & Support	1	104	July 24, 2025
Mislabelled CVE in Emerging Threats Rule sid:2029154, 2029155 Feedback & Support	1	90	September 29, 2025
Ruleset Update Summary - 2024/01/29 - v10517 Ruleset Updates	0	149	January 29, 2024
Rule Metadata & Exploit Signature Difficulties Tutorials, Tips & Tricks	0	755	June 9, 2023
Ruleset Update Summary - 2025/01/30 - v10849 Ruleset Updates	0	171	January 30, 2025

Incorrect CVE References in Jenkins Exploit Signatures

Issues Summary Table

Related topics