CVE Vulnerabilities

CVE-2019-10306

Published: Apr 18, 2019 | Modified: Oct 25, 2023
CVSS 3.x
9.9
CRITICAL
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVSS 2.x
6.5 MEDIUM
AV:N/AC:L/Au:S/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

A sandbox bypass vulnerability in Jenkins ontrack Plugin 3.4 and earlier allowed attackers with control over ontrack DSL definitions to execute arbitrary code on the Jenkins master JVM.

Affected Software

Name Vendor Start Version End Version
Ontrack Jenkins * 3.4

References