CVE-2019-1003000

CVSS v3.1 8.8 (High)

CVSS v2.0 6.5 (Medium)

EPSS 33.18 % (97^th)

Affected Products 2

Advisories 2

A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java that allows attackers with the ability to provide sandboxed scripts to execute arbitrary code on the Jenkins master JVM.

Weaknesses

CWE-NVD-Other

CVE Status: PUBLISHED
CNA: Jenkins Project
Published Date: 2019-01-22 14:29:00
(5 years ago)
Updated Date: 2023-10-25 18:16:00
(10 months ago)

Affected Products

Jenkins

Script Security

Redhat

Openshift Container Platform

Configuration #1

		CPE23	From	Up To
	Jenkins Script Security for Jenkins 1.49 and prior versions	cpe:2.3:a:jenkins:script_security::::::jenkins		<= 1.49

Configuration #2

		CPE23	From	Up To
	Redhat Openshift Container Platform 3.11	cpe:2.3:a:redhat:openshift_container_platform:3.11