GSA_kwCzR0hTQS0zcHYzLWpqNGgtcDUyOM33gA

Critical EPSS: 0.02252% (0.836 Percentile) EPSS:

Permalink JSON

Sandbox bypass vulnerability in Jenkins Script Security Plugin

Affected Packages	Affected Versions	Fixed Versions
maven:org.jenkins-ci.plugins:script-security	< 1.56	1.56

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.55 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts.

References:

https://nvd.nist.gov/vuln/detail/CVE-2019-1003040
https://access.redhat.com/errata/RHSA-2019:1423
https://jenkins.io/security/advisory/2019-03-25/#SECURITY-1353
http://www.openwall.com/lists/oss-security/2019/03/28/2
http://www.securityfocus.com/bid/107628
https://github.com/jenkinsci/script-security-plugin/commit/8424ad90547e37a2bd3b6a3a7da48eb1af9cd0ee
https://github.com/advisories/GHSA-3pv3-jj4h-p528

Identifiers

GHSA-3pv3-jj4h-p528

CVE-2019-1003040

Risk

Severity

Critical

EPSS

EPSS Percentage: 0.02252

EPSS Percentile: 0.836

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/jenkinsci/script-security-plugin

Date and time

Published

over 3 years ago

Updated

over 1 year ago

API

JSON

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories