GitHub Advisory DatabaseGHSA-X74X-QF5J-35JHSandbox bypass vulnerability in Jenkins Pipeline: Groovy Plugin
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
83.7%
A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plugin 2.64 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| org.jenkins-ci.plugins.workflow | workflow-cps | * | cpe:2.3:a:org.jenkins-ci.plugins.workflow:workflow-cps:*:*:*:*:*:*:*:* |
References
www.openwall.com/lists/oss-security/2019/03/28/2
www.securityfocus.com/bid/107628
access.redhat.com/errata/RHSA-2019:1423
github.com/advisories/GHSA-x74x-qf5j-35jh
github.com/jenkinsci/workflow-cps-plugin/commit/2e5a67fde9baf25315fe692161b4e90d401da86c
jenkins.io/security/advisory/2019-03-25/#SECURITY-1353
nvd.nist.gov/vuln/detail/CVE-2019-1003041
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
83.7%