6 matches found
RHCOS 3 : Red Hat OpenShift Container Platform 3.11 jenkins-2-plugins (RHSA-2019:0739)
The remote Red Hat Enterprise Linux CoreOS 3 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:0739 advisory. - jenkins-plugin-script-security: Sandbox Bypass in Script Security Plugin SECURITY-1292 CVE-2019-1003005 -...
CVE-2019-1003005
A flaw was found in the Jenkins Script Security plugin through version 1.50. The fix for CVE-2019-1003000 was found to be incomplete. Script Security sandbox protection could be circumvented during the script compilation phase by applying AST transforming annotations such as @Grab to source code...
RHEL 7 : Red Hat OpenShift Container Platform 3.11 jenkins-2-plugins (RHSA-2019:0739)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:0739 advisory. Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cro...
Important: Red Hat Security Advisory: Red Hat OpenShift Container Platform 3.11 jenkins-2-plugins security update
An update for jenkins-2-plugins is now available for Red Hat OpenShift Container Platform 3.11. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
Immunity Canvas: JENKINS_CHECKSCRIPT_RCE
Name| jenkinscheckscriptrce ---|--- CVE| CVE-2019-1003029 Exploit Pack| CANVAS Description| RCE on Jenkins checkScript Notes| CVE Name: CVE-2019-1003029 CVE-2019-1003005 CVE-2018-1000861 VENDOR: Jenkins NOTES: Groovy Plugin supports sandboxed Groovy expressions for its 'System Groovy'...
CVE-2019-1003005
CVE-2019-1003005 describes a sandbox bypass in Jenkins Script Security Plugin (versions 1.50 and earlier) where an attacker with Overall/Read permission can supply a Groovy script to an HTTP endpoint, potentially leading to arbitrary code execution on the Jenkins master JVM. Public references (in...