CVE-2019-1003041
published 2019-03-28CVE-2019-1003041: A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plugin 2.64 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts.
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plugin 2.64 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | arxan_mam_publisher_plugin | — | — |
| jenkins | codebeamer_test_results_trend_updater_plugin | — | — |
| jenkins | credentials_plugin | — | — |
| jenkins | digital.ai_app_management_publisher_plugin | — | — |
| jenkins | ecs_publisher_plugin | — | — |
| jenkins | fortify_on_demand_plugin | — | — |
| jenkins | fortify_on_demand_uploader_plugin | — | — |
| jenkins | groovy_plugin | — | — |
| jenkins | ids_in_arxan_mam_publisher_plugin | — | — |
| jenkins | ids_to_allow_administrators_configuring_the_plugin | — | — |
| jenkins | lockable_resources_plugin | — | — |
| jenkins | pipeline | <= 2.64 | — |
| jenkins | prqa_plugin | — | — |
| jenkins | script_security_plugin | — | — |
| jenkins | slack_notification_plugin | — | — |
| jenkins_project | jenkins_pipeline_groovy_plugin | — | — |
| redhat | openshift_container_platform | — | — |