Improper Control of Generation of Code in Jenkins Script Security Plugin

GHSA-72gx-qq2m-6xr2 · CVE-2019-10431

Published May 24, 2022 · Modified Feb 16, 2024

Description

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.64 and earlier related to the handling of default parameter expressions in constructors allowed attackers to execute arbitrary code in sandboxed scripts.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2019-10431
WEB https://github.com/jenkinsci/script-security-plugin/commit/415b6e2f3fa0c2e4bd2f9c4a589a9e1fc9cbac8b
WEB https://access.redhat.com/errata/RHSA-2019:4055
WEB https://access.redhat.com/errata/RHSA-2019:4089
WEB https://access.redhat.com/errata/RHSA-2019:4097
PACKAGE https://github.com/jenkinsci/script-security-plugin
WEB https://github.com/jenkinsci/script-security-plugin/blob/7bd58b8635709cecdb50018844e5d6dbe1ce13ea/CHANGELOG.md
WEB https://jenkins.io/security/advisory/2019-10-01/#SECURITY-1579
WEB http://www.openwall.com/lists/oss-security/2019/10/01/2

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes