3 matches found
CVE-2019-10390
A sandbox bypass vulnerability in Jenkins Splunk Plugin 1.7.4 and earlier allowed attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM...
CVE-2019-10390
A sandbox bypass vulnerability in Jenkins Splunk Plugin 1.7.4 and earlier allowed attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM...
CVE-2019-10390
CVE-2019-10390 describes a sandbox bypass in Jenkins Splunk Plugin ≤1.7.4 where an HTTP form-validation endpoint allowed attackers with Overall/Read to submit a Groovy script that could execute arbitrary code on the Jenkins master JVM. Root cause: unsafe AST transformations (e.g., @Grab) not sand...