CVE Vulnerabilities

CVE-2019-10394

Published: Sep 12, 2019 | Modified: Nov 02, 2021
CVSS 3.x
4.2
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
CVSS 2.x
4.9 MEDIUM
AV:N/AC:M/Au:S/C:P/I:P/A:N
RedHat/V2
RedHat/V3
4.2 IMPORTANT
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
Ubuntu

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of property names in property expressions on the left-hand side of assignment expressions allowed attackers to execute arbitrary code in sandboxed scripts.

Affected Software

Name Vendor Start Version End Version
Script_security Jenkins * 1.62
Red Hat OpenShift Container Platform 3.11 RedHat jenkins-2-plugins-0:3.11.1575261255-1.el7 *
Red Hat OpenShift Container Platform 4.1 RedHat jenkins-2-plugins-0:4.1.1574872364-1.el7 *
Red Hat OpenShift Container Platform 4.2 RedHat jenkins-2-plugins-0:4.2.1574873592-1.el7 *

References