CVE-2019-1003024

CWE-968 documents7 sources
Severity
8.8HIGH
EPSS
0.3%
top 46.48%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Jenkins Script SecurityJenkins Project Jenkins Script Security PluginRedhat Openshift Container Platform
Timeline
PublishedFeb 20
Latest updateMay 13

Description

A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.52 and earlier in RejectASTTransformsCustomizer.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

â–¶CVEListV5jenkins_project/jenkins_script_security_plugin1.52 and earlier

Also affects: Openshift Container Platform 3.11

🔴Vulnerability Details

3
GHSA
Jenkins Script Security Plugin sandbox bypass vulnerability↗2022-05-13
â–¶
OSV
Jenkins Script Security Plugin sandbox bypass vulnerability↗2022-05-13
â–¶
CVEList
CVE-2019-1003024: A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1↗2019-02-20
â–¶

📋Vendor Advisories

2
Red Hat
jenkins-plugin-script-security: Sandbox Bypass in Script Security Plugin (SECURITY-1320)↗2019-02-19
â–¶
Jenkins
Jenkins Security Advisory 2019-02-19↗2019-02-19
â–¶

💬Community

2
Bugzilla
CVE-2019-1003024 jenkins-script-security-plugin: jenkins-plugin-script-security: Sandbox Bypass in Script Security Plugin (SECURITY-1320) [fedora-all]↗2019-03-01
â–¶
Bugzilla
CVE-2019-1003024 jenkins-plugin-script-security: Sandbox Bypass in Script Security Plugin (SECURITY-1320)↗2019-03-01
â–¶
CVE-2019-1003024 (HIGH CVSS 8.8) | A sandbox bypass vulnerability exis | cvebase.io