CVE-2019-10393

CWE-94 — Code Injection9 documents7 sources

Severity

4.2MEDIUM

EPSS

0.2%

top 55.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jenkins Script Security Jenkins Project Jenkins Script Security Plugin

Timeline

PublishedSep 12

Latest updateMay 24

Description

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of method names in method call expressions allowed attackers to execute arbitrary code in sandboxed scripts.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:NExploitability: 1.6 | Impact: 2.5

Affected Packages3 packages

▶CVEListV5jenkins_project/jenkins_script_security_plugin1.62 and earlier

▶Mavenorg.jenkins-ci.plugins:script-security< 1.63

▶NVDjenkins/script_security1.62

🔴Vulnerability Details

GHSA

Sandbox bypass vulnerability in Script Security Plugin↗2022-05-24

▶

OSV

Sandbox bypass vulnerability in Script Security Plugin↗2022-05-24

▶

CVEList

CVE-2019-10393: A sandbox bypass vulnerability in Jenkins Script Security Plugin 1↗2019-09-12

▶

📋Vendor Advisories

Jenkins

Jenkins Security Advisory 2019-09-12↗2019-09-12

▶

Red Hat

jenkins-script-security-plugin: handling of method names in method call expressions allowed attackers to execute arbitrary code in sandboxed scripts↗2019-09-12

▶

💬Community

Bugzilla

CVE-2019-10393 jenkins-script-security-plugin: handling of method names in method call expressions allowed attackers to execute arbitrary code in sandboxed scripts [fedora-30]↗2020-04-01

▶

Bugzilla

CVE-2019-10393 jenkins-script-security-plugin: handling of method names in method call expressions allowed attackers to execute arbitrary code in sandboxed scripts↗2020-04-01

▶

Bugzilla

CVE-2018-10393 libvorbis: stack buffer overflow in bark_noise_hybridmp function↗2018-05-02

▶