CVE-2019-1003029 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2019-1003029

CWE

https://cwe.mitre.org/data/definitions/.html

A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java, src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with Overall/Read permission to execute arbitrary code on the Jenkins master JVM.

Affected Software

Name	Vendor	Start Version	End Version
Script_security	Jenkins	*	1.53 (including)
Red Hat OpenShift Container Platform 3.11	RedHat	jenkins-2-plugins-0:3.11.1552336312-1.el7	*

References

http://packetstormsecurity.com/files/166778/Jenkins-Remote-Code-Execution.html
http://www.securityfocus.com/bid/107476
https://access.redhat.com/errata/RHSA-2019:0739
https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1336%20%281%29