4 matches found
com.nirima:reactor-plugin (>=0.1 <=0.1.2) potentially affected by CVE-2019-1003033 via org.jenkins-ci.plugins:groovy (=1.27)
org.jenkins-ci.plugins:groovy MAVEN version =1.27 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins:groovy and may be impacted:

- com.nirima:reactor-plugin =0.1, =0.1.2

Source cves: CVE-2019-1003033
Source advisory:...
CVE-2019-1003033
creationtimestamp | type | source
---|---|---
2019-05-05 19:20:03+00:00 | seen | MISP/5ccf3134-ea64-43c1-a356-f9f3950d210f...
CVE-2019-1003033
The CVE targets the Jenkins Groovy Plugin (versions 2.1 and earlier) and affects the sandbox/implementation in StringScriptSource.java. The underlying issue allows attackers with Overall/Read permission to execute arbitrary code on the Jenkins master JVM, indicating a sandbox bypass in public-fac...
CVE-2019-1003033
A sandbox bypass vulnerability exists in Jenkins Groovy Plugin 2.1 and earlier in pom.xml, src/main/java/hudson/plugins/groovy/StringScriptSource.java that allows attackers with Overall/Read permission to execute arbitrary code on the Jenkins master JVM...