CVE-2019-10355: Incorrect Type Conversion or Cast in Jenkins Script Security

Severity: 8.8 HIGH (NVD)
EPSS: 0.0% (top 87.36%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 31; Latest update May 24

Description

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of type casts allowed attackers to execute arbitrary code in sandboxed scripts.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages: 2 packages

Also affects: Openshift Container Platform 3.11, 4.1

🔴 Vulnerability Details (3)

OSV
Incorrect Privilege Assignment in Jenkins Script Security Plugin (2022-05-24)
GHSA
Incorrect Privilege Assignment in Jenkins Script Security Plugin (2022-05-24)
CVEList
CVE-2019-10355: A sandbox bypass vulnerability in Jenkins Script Security Plugin 1 (2019-07-31)

📋 Vendor Advisories (2)

Red Hat
jenkins-plugin-script-security: Sandbox bypass through type casts in Script Security Plugin (2019-08-01)
Jenkins
Jenkins Security Advisory 2019-07-31 (2019-07-31)

💬 Community (2)

Bugzilla
CVE-2019-10355 jenkins-plugin-script-security: Sandbox bypass through type casts in Script Security Plugin (2019-08-01)
Bugzilla
CVE-2019-10355 jenkins-script-security-plugin: jenkins-plugin-script-security: Sandbox bypass through type casts in Script Security Plugin [fedora-all] (2019-08-01)
CVE-2019-10355 — Incorrect Type Conversion or Cast | cvebase