RHCOS 4 : Red Hat OpenShift Container Platform 4.1 jenkins-2-plugins (RHSA-2019:2662)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:2662 advisory. - jenkins-plugin-script-security: Sandbox bypass through type casts in Script Security Plugin CVE-2019-10355 -...

RHCOS 4 : OpenShift Container Platform 4.1 jenkins-2-plugins (RHSA-2019:4089)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:4089 advisory. - jenkins-script-security-plugin: handling of method names in method call expressions allowed attackers to execute arbitrary code in...

RHCOS 4 : OpenShift Container Platform 4.3.35 jenkins-2-plugins (RHSA-2020:3616)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:3616 advisory. - jenkins-script-security-plugin: sandbox protection bypass leads to execute arbitrary code in sandboxed scripts CVE-2019-16538 -...

RHCOS 4 : OpenShift Container Platform 4.2 jenkins-2-plugins (RHSA-2019:4097)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:4097 advisory. - jenkins-script-security-plugin: handling of method names in method call expressions allowed attackers to execute arbitrary code in...

RHCOS 3 : Red Hat OpenShift Container Platform 3.11 jenkins-2-plugins (RHSA-2019:2651)

The remote Red Hat Enterprise Linux CoreOS 3 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:2651 advisory. - jenkins-plugin-script-security: Sandbox bypass through type casts in Script Security Plugin CVE-2019-10355 -...

RHCOS 3 : OpenShift Container Platform 3.11 jenkins-2-plugins (RHSA-2019:4055)

The remote Red Hat Enterprise Linux CoreOS 3 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:4055 advisory. - jenkins-script-security-plugin: handling of method names in method call expressions allowed attackers to execute arbitrary code in...

RHCOS 3 : OpenShift Container Platform 3.11 jenkins-2-plugins (RHSA-2020:2478)

The remote Red Hat Enterprise Linux CoreOS 3 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2478 advisory. - jenkins-git-client-plugin: OS command injection via 'git ls-remote' CVE-2019-10392 - jenkins-script-security-plugin: sandbox...

CVE-2026-42519

A flaw was found in Jenkins Script Security Plugin. An attacker with Overall/Read permission can exploit a missing permission check to enumerate pending and approved Script Security classpaths. This information disclosure vulnerability allows unauthorized access to sensitive configuration details...

RHCOS 3 : Red Hat OpenShift Container Platform 3.11 jenkins-2-plugins (RHSA-2019:1423)

The remote Red Hat Enterprise Linux CoreOS 3 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:1423 advisory. - jenkins-plugin-script-security: Sandbox bypass in Script Security Plugin and Pipeline: Groovy Plugin SECURITY-1353 CVE-2019-100304...

RHCOS 3 : Red Hat OpenShift Container Platform 3.11 jenkins-2-plugins (RHSA-2019:0739)

The remote Red Hat Enterprise Linux CoreOS 3 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:0739 advisory. - jenkins-plugin-script-security: Sandbox Bypass in Script Security Plugin SECURITY-1292 CVE-2019-1003005 -...

Use of Password Hash Instead of Password for Authentication

Overview org.jenkins-ci.plugins:script-security is a package that allows Jenkins administrators to control what in-process scripts can be run by less-privileged users. Affected versions of this package are vulnerable to Use of Password Hash Instead of Password for Authentication through the...

Jenkins Script Security Plugin: Missing permission checks allow enumeration of pending and approved classpaths

Jenkins Script Security Plugin versions 1399.ve6a66547f6e1 and earlier do not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to enumerate pending and approved Script Security classpaths. Script Security Plugin 1402.v94c9ce464861 requires...

au.com.versent.jenkins.plugins:ignore-committer-strategy (>=29.v7c3891a_434c3 <=57.v0756db_b_f6926), com.amadeus.jenkins.plugins:workflow-cps-global-lib-http (>=2.33.0 <=2.54.0) +238 more potentially affected by CVE-2026-42519 via org.jenkins-ci.plugins:script-security (>=1138.v8e727069a_025 <=1399.ve6a_66547f6e1)

org.jenkins-ci.plugins:script-security MAVEN version =1138.v8e727069a025, =29.v7c3891a434c3, =2.33.0, =4.1.0.506.v619d63bec9d8, =66.v12c841920f7d, =1.151.vbca71ddd0bcf, =1.41.0, =57.vde5161ec7aba, =1.1.0.413.v3023d27e8434, =104.v94ae5f6cdbc3, =7.0, =320.v5a0933ae7d61, =2.4.2, =3.887.vc872cf1b7dff...

GHSA-P334-GFHQ-C7W6 Jenkins Script Security Plugin: Missing permission checks allow enumeration of pending and approved classpaths

Jenkins Script Security Plugin versions 1399.ve6a66547f6e1 and earlier do not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to enumerate pending and approved Script Security classpaths. Script Security Plugin 1402.v94c9ce464861 requires...

CVE-2026-42519

A missing permission check in Jenkins Script Security Plugin 1399.ve6a66547f6e1 and earlier allows attackers with Overall/Read permission to enumerate pending and approved Script Security classpaths...

CVE-2026-42519

A missing permission check in Jenkins Script Security Plugin 1399.ve6a66547f6e1 and earlier allows attackers with Overall/Read permission to enumerate pending and approved Script Security classpaths...

CVE-2026-42519

The provided documents describe CVE-2026-42519 as a vulnerability in the Jenkins Script Security Plugin (version 1399.ve6a_66547f6e1 and earlier). The root cause is a missing permission check that permits users with Overall/Read permission to enumerate pending and approved Script Security classpa...

CVE-2026-42519

A missing permission check in Jenkins Script Security Plugin 1399.ve6a66547f6e1 and earlier allows attackers with Overall/Read permission to enumerate pending and approved Script Security classpaths...

CVE-2026-42519

A missing permission check in Jenkins Script Security Plugin 1399.ve6a66547f6e1 and earlier allows attackers with Overall/Read permission to enumerate pending and approved Script Security classpaths...

EUVD-2026-26220

A missing permission check in Jenkins Script Security Plugin 1399.ve6a66547f6e1 and earlier allows attackers with Overall/Read permission to enumerate pending and approved Script Security classpaths...