ReportizFlow
A sandbox bypass vulnerability exists in Jenkins Job DSL Plugin 1.71 and earlier in job-dsl-core/src/main/groovy/javaposse/jobdsl/dsl/AbstractDslScriptLoader.groovy, job-dsl-plugin/build.gradle, job-dsl-plugin/src/main/groovy/javaposse/jobdsl/plugin/JobDslWhitelist.groovy, job-dsl-plugin/src/main/groovy/javaposse/jobdsl/plugin/SandboxDslScriptLoader.groovy that allows attackers with control over Job DSL definitions to execute arbitrary code on the Jenkins master JVM.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Jenkins |
|
| Redhat |
|
Configuration 1 [-]
|
Configuration 2 [-]
|
| Package | CPE | Advisory | Released Date |
|---|---|---|---|
| Red Hat OpenShift Container Platform 3.11 | |||
| jenkins-2-plugins-0:3.11.1552336312-1.el7 | cpe:/a:redhat:openshift:3.11::el7 | RHSA-2019:0739 | 2019-04-10T00:00:00Z |
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: jenkins
Published: 2019-03-08T21:00:00
Updated: 2024-08-05T03:07:16.812Z
Reserved: 2019-03-08T00:00:00
Link: CVE-2019-1003034
Vulnrichment
No data.
NVD
Status : Modified
Published: 2019-03-08T21:29:00.500
Modified: 2024-11-21T04:17:46.813
Link: CVE-2019-1003034
Redhat