CVE-2019-10399

CWE-94Code Injection8 documents7 sources
Severity
4.2MEDIUM
EPSS
0.2%
top 55.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Jenkins Script SecurityJenkins Project Jenkins Script Security Plugin
Timeline
PublishedSep 12
Latest updateMay 24

Description

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of property names in property expressions in increment and decrement expressions allowed attackers to execute arbitrary code in sandboxed scripts.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:NExploitability: 1.6 | Impact: 2.5

Affected Packages3 packages

🔴Vulnerability Details

3
OSV
Sandbox bypass vulnerability in Jenkins Script Security Plugin2022-05-24
GHSA
Sandbox bypass vulnerability in Jenkins Script Security Plugin2022-05-24
CVEList
CVE-2019-10399: A sandbox bypass vulnerability in Jenkins Script Security Plugin 12019-09-12

📋Vendor Advisories

2
Red Hat
jenkins-script-security-plugin: handling of property names in property expressions in increment and decrement expressions allowed attackers to execute arbitrary code in sandboxed scripts2019-09-12
Jenkins
Jenkins Security Advisory 2019-09-122019-09-12

💬Community

2
Bugzilla
CVE-2019-10399 jenkins-script-security-plugin: handling of property names in property expressions in increment and decrement expressions allowed attackers to execute arbitrary code in sandboxed script2020-04-01
Bugzilla
CVE-2019-10399 jenkins-script-security-plugin: handling of property names in property expressions in increment and decrement expressions allowed attackers to execute arbitrary code in sandboxed script2020-04-01
CVE-2019-10399 (MEDIUM CVSS 4.2) | A sandbox bypass vulnerability in J | cvebase.io