CVE-2019-1003040

CWE-470 CWE-7048 documents7 sources

Severity

9.8CRITICAL

EPSS

2.1%

top 16.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jenkins Script Security Jenkins Project Jenkins Script Security Plugin Redhat Openshift Container Platform

Timeline

PublishedMar 28

Latest updateMay 13

Description

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.55 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶CVEListV5jenkins_project/jenkins_script_security_plugin1.55 and earlier

▶Mavenorg.jenkins-ci.plugins:script-security< 1.56

▶NVDjenkins/script_security1.55

Also affects: Openshift Container Platform 3.11

🔴Vulnerability Details

OSV

Sandbox bypass vulnerability in Jenkins Script Security Plugin↗2022-05-13

▶

GHSA

Sandbox bypass vulnerability in Jenkins Script Security Plugin↗2022-05-13

▶

CVEList

CVE-2019-1003040: A sandbox bypass vulnerability in Jenkins Script Security Plugin 1↗2019-03-28

▶

📋Vendor Advisories

Red Hat

jenkins-plugin-script-security: Sandbox bypass in Script Security Plugin and Pipeline: Groovy Plugin (SECURITY-1353)↗2019-03-25

▶

Jenkins

Jenkins Security Advisory 2019-03-25↗2019-03-25

▶

💬Community

Bugzilla

CVE-2019-1003040 jenkins-plugin-script-security: Sandbox bypass in Script Security Plugin and Pipeline: Groovy Plugin (SECURITY-1353)↗2019-04-01

▶

Bugzilla

CVE-2019-1003040 jenkins-script-security-plugin: jenkins-plugin-script-security: Sandbox bypass in Script Security Plugin and Pipeline: Groovy Plugin (SECURITY-1353) [fedora-all]↗2019-04-01

▶