cbcvebase.
CVE-2019-10399
published 2019-09-12

CVE-2019-10399: A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of property names in property expressions in…

medium4.2CVSS 3.1
AVNACHPRLUINSUCLILAN
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of property names in property expressions in increment and decrement expressions allowed attackers to execute arbitrary code in sandboxed scripts.

Affected

11 ranges
VendorProductVersion rangeFixed in
jenkinsaqua_security_serverless_scanner_plugin
jenkinsbeaker_builder_plugin
jenkinsbuild_environment_plugin
jenkinsdashboard_view_plugin
jenkinsgit_client_plugin
jenkinsgit_plugin
jenkinssandbox_protection_in_script_security_plugin
jenkinsscript_security<= 1.62
jenkinsscript_security_plugin
jenkinsusers_of_git_client_plugin
jenkins_projectjenkins_script_security_plugin