CVE-2019-10431

Опубликовано: 01 окт. 2019

Источник: nvd

CVSS3: 9.9

CVSS2: 6.5

EPSS Низкий

Описание

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.64 and earlier related to the handling of default parameter expressions in constructors allowed attackers to execute arbitrary code in sandboxed scripts.

Ссылки

http://www.openwall.com/lists/oss-security/2019/10/01/2
Mailing List
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:4055
https://access.redhat.com/errata/RHSA-2019:4089
https://access.redhat.com/errata/RHSA-2019:4097
https://jenkins.io/security/advisory/2019-10-01/#SECURITY-1579
Vendor Advisory
http://www.openwall.com/lists/oss-security/2019/10/01/2
Mailing List
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:4055
https://access.redhat.com/errata/RHSA-2019:4089
https://access.redhat.com/errata/RHSA-2019:4097
https://jenkins.io/security/advisory/2019-10-01/#SECURITY-1579
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:jenkins:script_security:*:*:*:*:*:jenkins:*:*

Версия до 1.64 (включая)

EPSS

Процентиль: 56%

0.00342

Низкий

9.9 Critical

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-94

Связанные уязвимости

CVE-2019-10431

CVSS3: 8.8

redhat

больше 6 лет назад

GHSA-72gx-qq2m-6xr2