CVE-2019-1003032
published 2019-03-08CVE-2019-1003032: A sandbox bypass vulnerability exists in Jenkins Email Extension Plugin 2.64 and earlier in pom.xml…
critical9.9CVSS 3.1
AVNACLPRLUINSCCHIHAH
A sandbox bypass vulnerability exists in Jenkins Email Extension Plugin 2.64 and earlier in pom.xml, src/main/java/hudson/plugins/emailext/ExtendedEmailPublisher.java, src/main/java/hudson/plugins/emailext/plugins/content/EmailExtScript.java, src/main/java/hudson/plugins/emailext/plugins/content/ScriptContent.java, src/main/java/hudson/plugins/emailext/plugins/trigger/AbstractScriptTrigger.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM.
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | appdynamics_dashboard_plugin | — | — |
| jenkins | azure_vm_agents_plugin | — | — |
| jenkins | azure_vm_in_azure_vm_agents_plugin | — | — |
| jenkins | bitbar_run-in-cloud_plugin | — | — |
| jenkins | credentials_plugin | — | — |
| jenkins | deploy_plugin | — | — |
| jenkins | email_extension | <= 2.64 | — |
| jenkins | email_extension_plugin | — | — |
| jenkins | groovy_plugin | — | — |
| jenkins | ids_in_azure_vm_agents_plugin | — | — |
| jenkins | ids_to_allow_administrators_configuring_the_plugin | — | — |
| jenkins | job_dsl_plugin | — | — |
| jenkins | matrix_project_plugin | — | — |
| jenkins | rabbit-mq_publisher_plugin | — | — |
| jenkins | rabbitmq_in_rabbit-mq_publisher_plugin | — | — |
| jenkins | repository_connector_plugin | — | — |
| jenkins | script_security_plugin | — | — |
| jenkins | this_allowed_users_able_to_control_the_plugin | — | — |
| jenkins_project | jenkins_email_extension_plugin | — | — |