CVE-2019-10355: A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of type casts allowed attackers to execute arbitrary…

high8.8CVSS 3.1

AVNACLPRLUINSUCHIHAH

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of type casts allowed attackers to execute arbitrary code in sandboxed scripts.

Affected

15 ranges

Vendor	Product	Version range	Fixed in
jenkins	amazon_ec2_plugin	—	—
jenkins	between_configuration_as_code_plugin	—	—
jenkins	configuration_as_code_plugin	—	—
jenkins	deprecated_groovy_libraries_plugin	—	—
jenkins	google_kubernetes_engine_plugin	—	—
jenkins	maven_integration_plugin	—	—
jenkins	maven_release_plug-in_plugin	—	—
jenkins	sandbox_protection_in_script_security_plugin	—	—
jenkins	script_security	<= 1.61	—
jenkins	script_security_plugin	—	—
jenkins	since_configuration_as_code_plugin	—	—
jenkins	skytap_cloud_ci_plugin	—	—
jenkins_project	jenkins_script_security_plugin	—	—
redhat	openshift_container_platform	—	—
redhat	openshift_container_platform	—	—