CVE-2019-16538

CWE-863Incorrect AuthorizationCWE-94Code Injection8 documents7 sources
Severity
8.8HIGH
EPSS
0.2%
top 60.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Jenkins Script SecurityJenkins Project Jenkins Script Security Plugin
Timeline
PublishedNov 21
Latest updateMay 24

Description

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.67 and earlier related to the handling of default parameter expressions in closures allowed attackers to execute arbitrary code in sandboxed scripts.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

🔴Vulnerability Details

3
OSV
Incorrect Authorization in Jenkins Script Security Plugin2022-05-24
GHSA
Incorrect Authorization in Jenkins Script Security Plugin2022-05-24
CVEList
CVE-2019-16538: A sandbox bypass vulnerability in Jenkins Script Security Plugin 12019-11-21

📋Vendor Advisories

2
Red Hat
jenkins-script-security-plugin: sandbox protection bypass leads to execute arbitrary code in sandboxed scripts2019-11-21
Jenkins
Jenkins Security Advisory 2019-11-212019-11-21

💬Community

2
Bugzilla
CVE-2019-16538 jenkins-script-security-plugin: sandbox protection bypass leads to execute arbitrary code in sandboxed scripts2020-04-01
Bugzilla
CVE-2019-16538 jenkins-script-security-plugin: sandbox protection bypass leads to execute arbitrary code in sandboxed scripts [fedora-30]2020-04-01
CVE-2019-16538 (HIGH CVSS 8.8) | A sandbox bypass vulnerability in J | cvebase.io