Описание
A sandbox bypass vulnerability exists in Jenkins Matrix Project Plugin 1.13 and earlier in pom.xml, src/main/java/hudson/matrix/FilterScript.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM.
A flaw was found in the Jenkins Matrix Project plugin version 1.13. An attacker with Job/Configure permission can bypass the sandbox and can execute arbitrary code on the Jenkins master JVM. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat OpenShift Container Platform 3.10 | jenkins-2-plugins | Will not fix | ||
| Red Hat OpenShift Container Platform 3.6 | jenkins-2-plugins | Will not fix | ||
| Red Hat OpenShift Container Platform 3.7 | jenkins-2-plugins | Will not fix | ||
| Red Hat OpenShift Container Platform 3.9 | jenkins-2-plugins | Will not fix | ||
| Red Hat OpenShift Container Platform 4 | jenkins-2-plugins | Not affected | ||
| Red Hat OpenShift Container Platform 3.11 | jenkins-2-plugins | Fixed | RHSA-2019:0739 | 10.04.2019 |
Показывать по
Дополнительная информация
Статус:
EPSS
8.8 High
CVSS3
Связанные уязвимости
A sandbox bypass vulnerability exists in Jenkins Matrix Project Plugin 1.13 and earlier in pom.xml, src/main/java/hudson/matrix/FilterScript.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM.
Script security sandbox bypass in Matrix Project Plugin
Уязвимость компонентов pom.xml и FilterScript.java плагина Jenkins Matrix Project, позволяющая нарушителю выполнить произвольный код
EPSS
8.8 High
CVSS3