Lucene search
GoogleOSV:GHSA-V558-FHW2-V46WHistoryMay 24, 2022 - 10:00 p.m.
Unsafe entry in Script Security list of approved signatures in Pipeline Remote Loader Plugin
2022-05-2422:00:03
Google
osv.dev
8
0.003 Low
EPSS
Percentile
66.3%
Jenkins Pipeline Remote Loader Plugin before 1.5 provided a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection.
References
www.openwall.com/lists/oss-security/2019/05/31/2
www.securityfocus.com/bid/108540
access.redhat.com/errata/RHBA-2019:1605
access.redhat.com/errata/RHSA-2019:1636
github.com/jenkinsci/workflow-remote-loader-plugin
github.com/jenkinsci/workflow-remote-loader-plugin/commit/6f9d60f614359720ec98e22b80ba15e8bf88e712
jenkins.io/security/advisory/2019-05-31/#SECURITY-921
nvd.nist.gov/vuln/detail/CVE-2019-10328
Related
veracode
veracode
Sandbox Restrictions Bypass
2019-07-08 00:06:47
github
github
nvd
nvd
CVE-2019-10328
2019-05-31 15:29:00
redhatcve
redhatcve
CVE-2019-10328
2020-12-06 11:53:19
cvelist
cvelist
CVE-2019-10328
2019-05-31 14:20:19
cve
cve
CVE-2019-10328
2019-05-31 15:29:00
prion
prion
Code injection
2019-05-31 15:29:00
osv
osv
CVE-2019-10328
2019-05-31 15:29:00
nessus
nessus
RHEL 7 : OpenShift Container Platform 4.1 jenkins-2-plugins (RHSA-2019:1636)
2019-07-05 00:00:00
redhat
redhat