CVE-2019-10458

2019-10-1614:15:13

Google

osv.dev

7.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

43.3%

JSON

Jenkins Puppet Enterprise Pipeline 1.3.1 and earlier specifies unsafe values in its custom Script Security whitelist, allowing attackers able to execute Script Security protected scripts to execute arbitrary code.

CPENameOperatorVersion
puppet-enterprise-pipeline-plugineqpuppet-enterprise-pipeline-1.2.0
puppet-enterprise-pipeline-plugineqpuppet-enterprise-pipeline-1.0.0
puppet-enterprise-pipeline-plugineqpuppet-enterprise-pipeline-1.1.1
puppet-enterprise-pipeline-plugineq1.0.0
puppet-enterprise-pipeline-plugineqpuppet-enterprise-pipeline-1.2.3
puppet-enterprise-pipeline-plugineqpuppet-enterprise-pipeline-1.3.0
puppet-enterprise-pipeline-plugineqpuppet-enterprise-pipeline-1.2.1
puppet-enterprise-pipeline-plugineqpuppet-enterprise-pipeline-1.0.1
puppet-enterprise-pipeline-plugineqpuppet-enterprise-pipeline-1.2.2
puppet-enterprise-pipeline-plugineqpuppet-enterprise-pipeline-1.1.0

Name	Operator	Version
puppet-enterprise-pipeline-plugin	eq	puppet-enterprise-pipeline-1.2.0
puppet-enterprise-pipeline-plugin	eq	puppet-enterprise-pipeline-1.0.0
puppet-enterprise-pipeline-plugin	eq	puppet-enterprise-pipeline-1.1.1
puppet-enterprise-pipeline-plugin	eq	1.0.0
puppet-enterprise-pipeline-plugin	eq	puppet-enterprise-pipeline-1.2.3
puppet-enterprise-pipeline-plugin	eq	puppet-enterprise-pipeline-1.3.0
puppet-enterprise-pipeline-plugin	eq	puppet-enterprise-pipeline-1.2.1
puppet-enterprise-pipeline-plugin	eq	puppet-enterprise-pipeline-1.0.1
puppet-enterprise-pipeline-plugin	eq	puppet-enterprise-pipeline-1.2.2
puppet-enterprise-pipeline-plugin	eq	puppet-enterprise-pipeline-1.1.0