redhatcve | Redhat.com | RH:CVE-2019-1003001
History: Jan 25, 2019 - 2:20 p.m.

CVE-2019-1003001

2019-01-25 14:20:13
redhat.com
access.redhat.com
9

EPSS: 0.555 (Medium), percentile 97.7%

A flaw was found in Jenkins Pipeline. In the Declarative plugin, the script sandbox protection could be circumvented during the script compilation phase by applying AST. Both the pipeline validation REST APIs and the actual script/pipeline execution are affected. This allows users with Overall/Read permissions, or those able to control Jenkinsfile or the sandboxed Pipeline shared library contents in SCM, to bypass sandbox protection and execute arbitrary code on the Jenkins master. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
