{"affected_release": [{"advisory": "RHBA-2019:1605", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "atomic-enterprise-service-catalog-1:3.11.117-1.git.1.376e432.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-06-26T00:00:00Z"}, {"advisory": "RHBA-2019:1605", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "atomic-openshift-cluster-autoscaler-0:3.11.117-1.git.1.caa79fa.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-06-26T00:00:00Z"}, {"advisory": "RHBA-2019:1605", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "atomic-openshift-descheduler-0:3.11.117-1.git.1.1635b0a.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-06-26T00:00:00Z"}, {"advisory": "RHBA-2019:1605", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "atomic-openshift-dockerregistry-0:3.11.117-1.git.1.6a42b08.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-06-26T00:00:00Z"}, {"advisory": "RHBA-2019:1605", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "atomic-openshift-metrics-server-0:3.11.117-1.git.1.319d58e.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-06-26T00:00:00Z"}, {"advisory": "RHBA-2019:1605", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "atomic-openshift-node-problem-detector-0:3.11.117-1.git.1.0345fe3.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-06-26T00:00:00Z"}, {"advisory": "RHBA-2019:1605", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "atomic-openshift-service-idler-0:3.11.117-1.git.1.887bb82.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-06-26T00:00:00Z"}, {"advisory": "RHBA-2019:1605", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "atomic-openshift-web-console-0:3.11.117-1.git.1.be7a05c.el7", "product_name": "Red Hat 
OpenShift Container Platform 3.11", "release_date": "2019-06-26T00:00:00Z"}, {"advisory": "RHBA-2019:1605", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "cri-o-0:1.11.14-1.rhaos3.11.gitd56660e.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-06-26T00:00:00Z"}, {"advisory": "RHBA-2019:1605", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "golang-github-openshift-oauth-proxy-0:3.11.117-1.git.1.2b006d2.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-06-26T00:00:00Z"}, {"advisory": "RHBA-2019:1605", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "golang-github-prometheus-alertmanager-0:3.11.117-1.git.1.207ef35.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-06-26T00:00:00Z"}, {"advisory": "RHBA-2019:1605", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "golang-github-prometheus-node_exporter-0:3.11.117-1.git.1.dcee33f.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-06-26T00:00:00Z"}, {"advisory": "RHBA-2019:1605", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "golang-github-prometheus-prometheus-0:3.11.117-1.git.1.f52d417.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-06-26T00:00:00Z"}, {"advisory": "RHBA-2019:1605", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "jenkins-0:2.164.2.1555422716-1.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-06-26T00:00:00Z"}, {"advisory": "RHBA-2019:1605", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "jenkins-2-plugins-0:3.11.1559667994-1.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-06-26T00:00:00Z"}, {"advisory": "RHBA-2019:1605", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift-ansible-0:3.11.123-1.git.0.db681ba.el7", "product_name": "Red Hat OpenShift Container Platform 
3.11", "release_date": "2019-06-26T00:00:00Z"}, {"advisory": "RHBA-2019:1605", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift-enterprise-autoheal-0:3.11.117-1.git.1.ef32a58.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-06-26T00:00:00Z"}, {"advisory": "RHBA-2019:1605", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift-enterprise-cluster-capacity-0:3.11.117-1.git.1.6593fce.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-06-26T00:00:00Z"}, {"advisory": "RHSA-2019:1636", "cpe": "cpe:/a:redhat:openshift:4.1::el7", "package": "jenkins-2-plugins-0:4.1.1561471763-1.el7", "product_name": "Red Hat OpenShift Container Platform 4.1", "release_date": "2019-07-03T00:00:00Z"}, {"advisory": "RHBA-2019:2921", "cpe": "cpe:/a:redhat:openshift:4.2::el7", "package": "jenkins-2-plugins-0:4.2.1568997376-1.el7", "product_name": "Red Hat OpenShift Container Platform 4.2", "release_date": "2019-10-16T00:00:00Z"}], "bugzilla": {"description": "jenkins-plugin-workflow-remote-loader: Unsafe Script Security whitelist entry in Pipeline Remote Loader Plugin (SECURITY-921)", "id": "1716794", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1716794"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.8", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-184", "details": ["Jenkins Pipeline Remote Loader Plugin 1.4 and earlier provided a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection.", "A flaw was found in the Jenkins Workflow Remote Loader plugin. An unsafe whitelist entry was made that allowed invoking arbitrary methods and bypassing sandbox protection. 
The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."], "name": "CVE-2019-10328", "package_state": [{"cpe": "cpe:/a:redhat:openshift:3.10", "fix_state": "Will not fix", "package_name": "jenkins-plugin-workflow-remote-loader", "product_name": "Red Hat OpenShift Container Platform 3.10"}, {"cpe": "cpe:/a:redhat:openshift:3.6", "fix_state": "Will not fix", "package_name": "jenkins-plugin-workflow-remote-loader", "product_name": "Red Hat OpenShift Container Platform 3.6"}, {"cpe": "cpe:/a:redhat:openshift:3.7", "fix_state": "Will not fix", "package_name": "jenkins-plugin-workflow-remote-loader", "product_name": "Red Hat OpenShift Container Platform 3.7"}, {"cpe": "cpe:/a:redhat:openshift:3.9", "fix_state": "Will not fix", "package_name": "jenkins-plugin-workflow-remote-loader", "product_name": "Red Hat OpenShift Container Platform 3.9"}], "public_date": "2019-05-31T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-10328\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-10328\nhttps://jenkins.io/security/advisory/2019-05-31/#SECURITY-921"], "threat_severity": "Important"}