Severity
9.9 CRITICAL
EPSS
0.3%
top 43.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Oct 1
Latest update: May 24

Description

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.64 and earlier related to the handling of default parameter expressions in constructors allowed attackers to execute arbitrary code in sandboxed scripts.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Exploitability: 3.1 | Impact: 6.0

Affected Packages: 3 packages

🔴 Vulnerability Details

3
GHSA
Improper Control of Generation of Code in Jenkins Script Security Plugin (2022-05-24)
OSV
Improper Control of Generation of Code in Jenkins Script Security Plugin (2022-05-24)
CVEList
CVE-2019-10431: A sandbox bypass vulnerability in Jenkins Script Security Plugin 1 (2019-10-01)

📋 Vendor Advisories

2
Jenkins
Jenkins Security Advisory 2019-10-01 (2019-10-01)
Red Hat
jenkins-script-security: Sandbox bypass vulnerability in Script Security Plugin (2019-10-01)

💬 Community

2
Bugzilla
CVE-2019-10431 jenkins-script-security: Sandbox bypass vulnerability in Script Security Plugin (2019-10-22)
Bugzilla
CVE-2019-10431 jenkins-script-security-plugin: jenkins-script-security: Sandbox bypass vulnerability in Script Security Plugin [fedora-all] (2019-10-22)