Sandbox Bypass Vulnerability in Jenkins Matrix Project Plugin
CVE-2019-1003031

9.9 CRITICAL

Key Information:

Vendor: Jenkins
CVE Published: 8 March 2019

Summary

A sandbox bypass vulnerability has been identified in the Jenkins Matrix Project Plugin, affecting versions 1.13 and earlier. This security flaw allows attackers with Job/Configure permissions to execute arbitrary code on the Jenkins master JVM, potentially compromising the integrity and security of the Jenkins environment. It is essential for users to review their plugin versions and apply necessary updates to mitigate this risk. More details can be found in the official security advisory.

Affected Version(s)

Jenkins Matrix Project Plugin 1.13 and earlier

CVSS V3.1

Score: 9.9
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
