CyberSec.Space Logo
Back to CVE Browser

CVE-2019-10418

CRITICAL
9.9
CVSS Severity Score
EPSS Score0.0630%
EPSS Percentile5.75th
PublishedSep 25, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

Jenkins Kubernetes :: Pipeline :: Arquillian Steps Plugin provides a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection.

Affected Platforms (CPE)

πŸ“¦
Jenkins

Kubernetes Pipeline

<= 1.6

References & Advisories

πŸ”— http://www.openwall.com/lists/oss-security/2019/09/25/3
πŸ”— https://jenkins.io/security/advisory/2019-09-25/#SECURITY-920%20%282%29
πŸ”— http://www.openwall.com/lists/oss-security/2019/09/25/3
πŸ”— https://jenkins.io/security/advisory/2019-09-25/#SECURITY-920%20%282%29

Related Vulnerabilities

CVE-2019-104179.9

Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin provides a custom whitelist for script security that allowed attackers t...

CVE-2021-412548.8

kustomize-controller is a Kubernetes operator, specialized in running continuous delivery pipelines for infrastructure and workloa...

CVE-2026-409246.5

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to ...

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...