Sandbox Bypass Vulnerability in Jenkins Script Security Plugin by Jenkins
CVE-2019-1003040

9.8 CRITICAL

Key Information:

Vendor: Jenkins
CVE Published: 28 March 2019

Summary

A sandbox bypass vulnerability exists in the Jenkins Script Security Plugin, allowing unauthorized code execution. Specifically, attackers can invoke arbitrary constructors in sandboxed scripts, potentially leading to unauthorized access to and manipulation of the Jenkins environment. Versions 1.55 and earlier of the plugin are affected, and users of those versions should apply the necessary updates to mitigate this issue. For more details on this vulnerability, refer to the advisories released by Jenkins and security experts.

Affected Version(s)

Jenkins Script Security Plugin 1.55 and earlier

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
