CVE-2019-10394

CWE-94Code Injection8 documents7 sources
Severity
4.2MEDIUM
EPSS
0.2%
top 55.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Jenkins Script SecurityJenkins Project Jenkins Script Security Plugin
Timeline
PublishedSep 12
Latest updateMay 24

Description

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of property names in property expressions on the left-hand side of assignment expressions allowed attackers to execute arbitrary code in sandboxed scripts.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:NExploitability: 1.6 | Impact: 2.5

Affected Packages3 packages

🔴Vulnerability Details

3
GHSA
Sandbox bypass vulnerability in Jenkins Script Security Plugin2022-05-24
OSV
Sandbox bypass vulnerability in Jenkins Script Security Plugin2022-05-24
CVEList
CVE-2019-10394: A sandbox bypass vulnerability in Jenkins Script Security Plugin 12019-09-12

📋Vendor Advisories

2
Jenkins
Jenkins Security Advisory 2019-09-122019-09-12
Red Hat
jenkins-script-security-plugin: handling of property names in property expressions on the left-hand side of assignment expression leads to execute arbitrary code in sandboxed scripts2019-09-12

💬Community

2
Bugzilla
CVE-2019-10394 jenkins-script-security-plugin: handling of property names in property expressions on the left-hand side of assignment expression leads to execute arbitrary code in sandboxed scripts2020-04-01
Bugzilla
CVE-2019-10394 jenkins-script-security-plugin: handling of property names in property expressions on the left-hand side of assignment expression leads to execute arbitrary code in sandboxed scripts [f2020-04-01