10 matches found
RHCOS 3 : Red Hat OpenShift Container Platform 3.11 jenkins-2-plugins (RHSA-2019:0739)
The remote Red Hat Enterprise Linux CoreOS 3 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:0739 advisory. - jenkins-plugin-script-security: Sandbox Bypass in Script Security Plugin SECURITY-1292 CVE-2019-1003005 -...
Jenkins Script Security Plugin Remote Code Execution (CVE-2019-1003029)
A remote code execution vulnerability exists in Jenkins Script Security Plugin. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
RHEL 7 : Red Hat OpenShift Container Platform 3.11 jenkins-2-plugins (RHSA-2019:0739)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:0739 advisory. Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cro...
Important: Red Hat Security Advisory: Red Hat OpenShift Container Platform 3.11 jenkins-2-plugins security update
An update for jenkins-2-plugins is now available for Red Hat OpenShift Container Platform 3.11. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
CVE-2019-1003029
creationtimestamp| type| source ---|---|--- 2019-03-18 12:37:31+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/jenkinsmetaprogramming.rb 2019-05-05 19:20:03+00:00| seen| MISP/5ccf3134-ea64-43c1-a356-f9f3950d210f 2022-07-31 07:01:12+00:00|...
CVE-2019-1003029
A flaw was found in the Jenkins Script Security plugin version 1.53. An attacker with Overall/Read permissions is able to escape the sandbox and execute arbitrary code on the Jenkins master JVM. The highest threat from this vulnerability is to data confidentiality and integrity as well as system...
Immunity Canvas: JENKINS_CHECKSCRIPT_RCE
Name| jenkinscheckscriptrce ---|--- CVE| CVE-2019-1003029 Exploit Pack| CANVAS Description| RCE on Jenkins checkScript Notes| CVE Name: CVE-2019-1003029 CVE-2019-1003005 CVE-2018-1000861 VENDOR: Jenkins NOTES: Groovy Plugin supports sandboxed Groovy expressions for its 'System Groovy'...
CVE-2019-1003029
A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java, src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with...
CVE-2019-1003029
CVE-2019-1003029 describes a sandbox bypass in Jenkins Script Security Plugin (versions ≤ 1.53) that lets attackers with Overall/Read permission execute arbitrary code on the Jenkins master JVM. Affected components are in the plugin’s Groovy sandbox: GroovySandbox.java and SecureGroovyScript.java...
CVE-2019-1003029
A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java, src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with...