CVE-2019-1003031

CWE-96 CWE-6937 documents7 sources

Severity

9.9CRITICAL

EPSS

11.7%

top 6.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jenkins Matrix Project Jenkins Project Jenkins Matrix Project Plugin Redhat Openshift Container Platform

Timeline

PublishedMar 8

Latest updateMay 13

Description

A sandbox bypass vulnerability exists in Jenkins Matrix Project Plugin 1.13 and earlier in pom.xml, src/main/java/hudson/matrix/FilterScript.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 3.1 | Impact: 6.0

Affected Packages3 packages

▶Mavenorg.jenkins-ci.plugins:matrix-project< 1.14

▶CVEListV5jenkins_project/jenkins_matrix_project_plugin1.13 and earlier

▶NVDjenkins/matrix_project1.13

Also affects: Openshift Container Platform 3.11

🔴Vulnerability Details

OSV

Script security sandbox bypass in Matrix Project Plugin↗2022-05-13

▶

GHSA

Script security sandbox bypass in Matrix Project Plugin↗2022-05-13

▶

CVEList

CVE-2019-1003031: A sandbox bypass vulnerability exists in Jenkins Matrix Project Plugin 1↗2019-03-08

▶

📋Vendor Advisories

Red Hat

jenkins-matrix-project-plugin: sandbox bypass in matrix project plugin↗2019-03-06

▶

Jenkins

Jenkins Security Advisory 2019-03-06↗2019-03-06

▶

💬Community

Bugzilla

CVE-2019-1003031 jenkins-matrix-project-plugin: sandbox bypass in matrix project plugin↗2019-03-18

▶