CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-10306

A sandbox bypass vulnerability in Jenkins ontrack Plugin 3.4 and earlier allowed attackers with control over ontrack DSL definitions to execute arbitrary code on the Jenkins master JVM.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 51.0%

CVSS Severity

CVSS v3 Score 9.9

CVSS v2 Score 6.5

References

Products affected by CVE-2019-10306

Jenkins » Ontrack » Version: 2.0.0

cpe:2.3:a:jenkins:ontrack:2.0.0
Jenkins » Ontrack » Version: 2.0.1

cpe:2.3:a:jenkins:ontrack:2.0.1
Jenkins » Ontrack » Version: 2.1.0

cpe:2.3:a:jenkins:ontrack:2.1.0
Jenkins » Ontrack » Version: 2.11.0

cpe:2.3:a:jenkins:ontrack:2.11.0
Jenkins » Ontrack » Version: 2.12.0

cpe:2.3:a:jenkins:ontrack:2.12.0
Jenkins » Ontrack » Version: 2.13.0

cpe:2.3:a:jenkins:ontrack:2.13.0
Jenkins » Ontrack » Version: 2.13.1

cpe:2.3:a:jenkins:ontrack:2.13.1
Jenkins » Ontrack » Version: 2.13.2

cpe:2.3:a:jenkins:ontrack:2.13.2
Jenkins » Ontrack » Version: 2.14.0

cpe:2.3:a:jenkins:ontrack:2.14.0
Jenkins » Ontrack » Version: 2.15.0

cpe:2.3:a:jenkins:ontrack:2.15.0
Jenkins » Ontrack » Version: 2.16.0

cpe:2.3:a:jenkins:ontrack:2.16.0
Jenkins » Ontrack » Version: 2.17.0

cpe:2.3:a:jenkins:ontrack:2.17.0
Jenkins » Ontrack » Version: 2.18.0

cpe:2.3:a:jenkins:ontrack:2.18.0
Jenkins » Ontrack » Version: 2.18.1

cpe:2.3:a:jenkins:ontrack:2.18.1
Jenkins » Ontrack » Version: 2.19.0

cpe:2.3:a:jenkins:ontrack:2.19.0
Jenkins » Ontrack » Version: 2.19.1

cpe:2.3:a:jenkins:ontrack:2.19.1
Jenkins » Ontrack » Version: 2.19.2

cpe:2.3:a:jenkins:ontrack:2.19.2
Jenkins » Ontrack » Version: 2.2.0

cpe:2.3:a:jenkins:ontrack:2.2.0
Jenkins » Ontrack » Version: 2.2.1

cpe:2.3:a:jenkins:ontrack:2.2.1
Jenkins » Ontrack » Version: 2.21.0

cpe:2.3:a:jenkins:ontrack:2.21.0
Jenkins » Ontrack » Version: 2.22.0

cpe:2.3:a:jenkins:ontrack:2.22.0
Jenkins » Ontrack » Version: 2.22.1

cpe:2.3:a:jenkins:ontrack:2.22.1
Jenkins » Ontrack » Version: 2.22.2

cpe:2.3:a:jenkins:ontrack:2.22.2
Jenkins » Ontrack » Version: 2.22.3

cpe:2.3:a:jenkins:ontrack:2.22.3
Jenkins » Ontrack » Version: 2.22.4

cpe:2.3:a:jenkins:ontrack:2.22.4
Jenkins » Ontrack » Version: 2.25.0

cpe:2.3:a:jenkins:ontrack:2.25.0
Jenkins » Ontrack » Version: 2.25.1

cpe:2.3:a:jenkins:ontrack:2.25.1
Jenkins » Ontrack » Version: 2.26.0

cpe:2.3:a:jenkins:ontrack:2.26.0
Jenkins » Ontrack » Version: 2.28.1

cpe:2.3:a:jenkins:ontrack:2.28.1
Jenkins » Ontrack » Version: 2.28.2

cpe:2.3:a:jenkins:ontrack:2.28.2
Jenkins » Ontrack » Version: 2.29.0

cpe:2.3:a:jenkins:ontrack:2.29.0
Jenkins » Ontrack » Version: 2.29.1

cpe:2.3:a:jenkins:ontrack:2.29.1
Jenkins » Ontrack » Version: 2.3.0

cpe:2.3:a:jenkins:ontrack:2.3.0
Jenkins » Ontrack » Version: 2.30.1

cpe:2.3:a:jenkins:ontrack:2.30.1
Jenkins » Ontrack » Version: 2.30.2

cpe:2.3:a:jenkins:ontrack:2.30.2
Jenkins » Ontrack » Version: 2.30.3

cpe:2.3:a:jenkins:ontrack:2.30.3
Jenkins » Ontrack » Version: 2.30.3.1

cpe:2.3:a:jenkins:ontrack:2.30.3.1
Jenkins » Ontrack » Version: 2.30.3.2

cpe:2.3:a:jenkins:ontrack:2.30.3.2
Jenkins » Ontrack » Version: 2.30.3.3

cpe:2.3:a:jenkins:ontrack:2.30.3.3
Jenkins » Ontrack » Version: 2.30.3.4

cpe:2.3:a:jenkins:ontrack:2.30.3.4
Jenkins » Ontrack » Version: 2.30.3.5

cpe:2.3:a:jenkins:ontrack:2.30.3.5
Jenkins » Ontrack » Version: 2.30.3.6

cpe:2.3:a:jenkins:ontrack:2.30.3.6
Jenkins » Ontrack » Version: 2.30.3.7

cpe:2.3:a:jenkins:ontrack:2.30.3.7
Jenkins » Ontrack » Version: 2.30.3.8

cpe:2.3:a:jenkins:ontrack:2.30.3.8
Jenkins » Ontrack » Version: 2.30.4

cpe:2.3:a:jenkins:ontrack:2.30.4
Jenkins » Ontrack » Version: 2.30.5

cpe:2.3:a:jenkins:ontrack:2.30.5
Jenkins » Ontrack » Version: 2.31.0

cpe:2.3:a:jenkins:ontrack:2.31.0
Jenkins » Ontrack » Version: 2.31.1

cpe:2.3:a:jenkins:ontrack:2.31.1
Jenkins » Ontrack » Version: 2.31.2

cpe:2.3:a:jenkins:ontrack:2.31.2
Jenkins » Ontrack » Version: 2.31.3

cpe:2.3:a:jenkins:ontrack:2.31.3
Jenkins » Ontrack » Version: 2.31.4

cpe:2.3:a:jenkins:ontrack:2.31.4
Jenkins » Ontrack » Version: 2.31.5

cpe:2.3:a:jenkins:ontrack:2.31.5
Jenkins » Ontrack » Version: 2.31.6

cpe:2.3:a:jenkins:ontrack:2.31.6
Jenkins » Ontrack » Version: 2.32.0

cpe:2.3:a:jenkins:ontrack:2.32.0
Jenkins » Ontrack » Version: 2.32.1

cpe:2.3:a:jenkins:ontrack:2.32.1
Jenkins » Ontrack » Version: 2.32.2

cpe:2.3:a:jenkins:ontrack:2.32.2
Jenkins » Ontrack » Version: 2.32.3

cpe:2.3:a:jenkins:ontrack:2.32.3
Jenkins » Ontrack » Version: 2.32.4

cpe:2.3:a:jenkins:ontrack:2.32.4
Jenkins » Ontrack » Version: 2.32.5

cpe:2.3:a:jenkins:ontrack:2.32.5
Jenkins » Ontrack » Version: 2.33.0

cpe:2.3:a:jenkins:ontrack:2.33.0
Jenkins » Ontrack » Version: 2.33.1

cpe:2.3:a:jenkins:ontrack:2.33.1
Jenkins » Ontrack » Version: 2.33.2

cpe:2.3:a:jenkins:ontrack:2.33.2
Jenkins » Ontrack » Version: 2.33.3

cpe:2.3:a:jenkins:ontrack:2.33.3
Jenkins » Ontrack » Version: 2.33.4

cpe:2.3:a:jenkins:ontrack:2.33.4
Jenkins » Ontrack » Version: 2.4.0

cpe:2.3:a:jenkins:ontrack:2.4.0
Jenkins » Ontrack » Version: 2.4.1

cpe:2.3:a:jenkins:ontrack:2.4.1
Jenkins » Ontrack » Version: 2.4.2

cpe:2.3:a:jenkins:ontrack:2.4.2
Jenkins » Ontrack » Version: 2.4.3

cpe:2.3:a:jenkins:ontrack:2.4.3
Jenkins » Ontrack » Version: 2.5.0

cpe:2.3:a:jenkins:ontrack:2.5.0
Jenkins » Ontrack » Version: 2.6.0

cpe:2.3:a:jenkins:ontrack:2.6.0
Jenkins » Ontrack » Version: 2.7.0

cpe:2.3:a:jenkins:ontrack:2.7.0
Jenkins » Ontrack » Version: 2.8.0

cpe:2.3:a:jenkins:ontrack:2.8.0
Jenkins » Ontrack » Version: 2.9.0

cpe:2.3:a:jenkins:ontrack:2.9.0
Jenkins » Ontrack » Version: 3.0

cpe:2.3:a:jenkins:ontrack:3.0
Jenkins » Ontrack » Version: 3.1

cpe:2.3:a:jenkins:ontrack:3.1
Jenkins » Ontrack » Version: 3.2

cpe:2.3:a:jenkins:ontrack:3.2
Jenkins » Ontrack » Version: 3.3

cpe:2.3:a:jenkins:ontrack:3.3
Jenkins » Ontrack » Version: 3.4

cpe:2.3:a:jenkins:ontrack:3.4

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-10306

Products

Pricing

Contact Us