CVE-2019-10394
published 2019-09-12CVE-2019-10394: A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of property names in property expressions on the…
medium4.2CVSS 3.1
AVNACHPRLUINSUCLILAN
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of property names in property expressions on the left-hand side of assignment expressions allowed attackers to execute arbitrary code in sandboxed scripts.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | aqua_security_serverless_scanner_plugin | — | — |
| jenkins | beaker_builder_plugin | — | — |
| jenkins | build_environment_plugin | — | — |
| jenkins | dashboard_view_plugin | — | — |
| jenkins | git_client_plugin | — | — |
| jenkins | git_plugin | — | — |
| jenkins | sandbox_protection_in_script_security_plugin | — | — |
| jenkins | script_security | <= 1.62 | — |
| jenkins | script_security_plugin | — | — |
| jenkins | users_of_git_client_plugin | — | — |
| jenkins_project | jenkins_script_security_plugin | — | — |