Lucene search
JenkinsCVELIST:CVE-2019-1003034HistoryMar 08, 2019 - 9:00 p.m.
CVE-2019-1003034
2019-03-0821:00:00
jenkins
www.cve.org
A sandbox bypass vulnerability exists in Jenkins Job DSL Plugin 1.71 and earlier in job-dsl-core/src/main/groovy/javaposse/jobdsl/dsl/AbstractDslScriptLoader.groovy, job-dsl-plugin/build.gradle, job-dsl-plugin/src/main/groovy/javaposse/jobdsl/plugin/JobDslWhitelist.groovy, job-dsl-plugin/src/main/groovy/javaposse/jobdsl/plugin/SandboxDslScriptLoader.groovy that allows attackers with control over Job DSL definitions to execute arbitrary code on the Jenkins master JVM.
CNA Affected
[
{
"product": "Jenkins Job DSL Plugin",
"vendor": "Jenkins project",
"versions": [
{
"status": "affected",
"version": "1.71 and earlier"
}
]
}
]Related
prion
prion
Security feature bypass
2019-03-08 21:29:00
nvd
nvd
CVE-2019-1003034
2019-03-08 21:29:00
osv
osv
Script security sandbox bypass in Jenkins Job DSL Plugin
2022-05-13 01:15:07
CVE-2019-1003034
2019-03-08 21:29:00
veracode
veracode
Sandbox Protection Bypass
2019-05-16 03:58:57
github
github
Script security sandbox bypass in Jenkins Job DSL Plugin
2022-05-13 01:15:07
redhatcve
redhatcve
CVE-2019-1003034
2019-03-20 01:19:49
cve
cve
CVE-2019-1003034
2019-03-08 21:29:00
nessus
nessus
redhat
redhat