Vulnerability Details CVE-2019-10328
Jenkins Pipeline Remote Loader Plugin 1.4 and earlier provided a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 51.2%
CVSS Severity
CVSS v3 Score 9.9
CVSS v2 Score 6.5
References
- http://www.openwall.com/lists/oss-security/2019/05/31/2
- http://www.securityfocus.com/bid/108540
- https://access.redhat.com/errata/RHBA-2019:1605
- https://access.redhat.com/errata/RHSA-2019:1636
- https://jenkins.io/security/advisory/2019-05-31/#SECURITY-921
- http://www.openwall.com/lists/oss-security/2019/05/31/2
- http://www.securityfocus.com/bid/108540
- https://access.redhat.com/errata/RHBA-2019:1605
- https://access.redhat.com/errata/RHSA-2019:1636
- https://jenkins.io/security/advisory/2019-05-31/#SECURITY-921
Products affected by CVE-2019-10328
-
cpe:2.3:a:jenkins:pipeline_remote_loader:1.0
-
cpe:2.3:a:jenkins:pipeline_remote_loader:1.1
-
cpe:2.3:a:jenkins:pipeline_remote_loader:1.2
-
cpe:2.3:a:jenkins:pipeline_remote_loader:1.3
-
cpe:2.3:a:jenkins:pipeline_remote_loader:1.4