Lucene search

PRIOn knowledge basePRION:CVE-2019-1003000

HistoryJan 22, 2019 - 2:29 p.m.

Security feature bypass

2019-01-2214:29:00

PRIOn knowledge base

www.prio-n.com

8.9 High

AI Score

Confidence

High

0.621 Medium

EPSS

Percentile

97.9%

JSON

A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java that allows attackers with the ability to provide sandboxed scripts to execute arbitrary code on the Jenkins master JVM.

CPENameOperatorVersion
script_securityle1.49
openshift_container_platformeq3.11

CPE	Name	Operator	Version
	script_security	le	1.49
	openshift_container_platform	eq	3.11

References

packetstormsecurity.com/files/152132/Jenkins-ACL-Bypass-Metaprogramming-Remote-Code-Execution.html

www.rapid7.com/db/modules/exploit/multi/http/jenkins_metaprogramming

access.redhat.com/errata/RHBA-2019:0326

access.redhat.com/errata/RHBA-2019:0327

jenkins.io/security/advisory/2019-01-08/

www.exploit-db.com/exploits/46453/

www.exploit-db.com/exploits/46572/