CVE-2019-1003031: A sandbox bypass vulnerability exists in Jenkins Matrix Project Plugin 1.13 and earlier in pom.xml, src/main/java/hudson/matrix/FilterScript.java that allows…

critical9.9CVSS 3.1

AVNACLPRLUINSCCHIHAH

A sandbox bypass vulnerability exists in Jenkins Matrix Project Plugin 1.13 and earlier in pom.xml, src/main/java/hudson/matrix/FilterScript.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM.

Affected

20 ranges

Vendor	Product	Version range	Fixed in
jenkins	appdynamics_dashboard_plugin	—	—
jenkins	azure_vm_agents_plugin	—	—
jenkins	azure_vm_in_azure_vm_agents_plugin	—	—
jenkins	bitbar_run-in-cloud_plugin	—	—
jenkins	credentials_plugin	—	—
jenkins	deploy_plugin	—	—
jenkins	email_extension_plugin	—	—
jenkins	groovy_plugin	—	—
jenkins	ids_in_azure_vm_agents_plugin	—	—
jenkins	ids_to_allow_administrators_configuring_the_plugin	—	—
jenkins	job_dsl_plugin	—	—
jenkins	matrix_project	<= 1.13	—
jenkins	matrix_project_plugin	—	—
jenkins	rabbit-mq_publisher_plugin	—	—
jenkins	rabbitmq_in_rabbit-mq_publisher_plugin	—	—
jenkins	repository_connector_plugin	—	—
jenkins	script_security_plugin	—	—
jenkins	this_allowed_users_able_to_control_the_plugin	—	—
jenkins_project	jenkins_matrix_project_plugin	—	—
redhat	openshift_container_platform	—	—