CyberSec.Space Logo
Back to CVE Browser

CVE-2019-1003031

CRITICAL
9.9
CVSS Severity Score
EPSS Score0.1020%
EPSS Percentile19.52th
PublishedMar 8, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

A sandbox bypass vulnerability exists in Jenkins Matrix Project Plugin 1.13 and earlier in pom.xml, src/main/java/hudson/matrix/FilterScript.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM.

Affected Platforms (CPE)

πŸ“¦
Jenkins

Matrix Project

<= 1.13
πŸ“¦
Redhat

Openshift Container Platform

= 3.11

References & Advisories

πŸ”— http://www.securityfocus.com/bid/107476
πŸ”— https://access.redhat.com/errata/RHSA-2019:0739
πŸ”— https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1339
πŸ”— http://www.securityfocus.com/bid/107476
πŸ”— https://access.redhat.com/errata/RHSA-2019:0739
πŸ”— https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1339

Related Vulnerabilities

CVE-2020-22255.4

Jenkins Matrix Project Plugin 1.16 and earlier does not escape the axis names shown in tooltips on the overview page of builds wit...

CVE-2020-22245.4

Jenkins Matrix Project Plugin 1.16 and earlier does not escape the node names shown in tooltips on the overview page of builds wit...

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...

CVE-2026-121905.3

A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the compo...