CVEブラウザに戻る

CVE-2019-1003029

Known Exploited (CISA KEV)CRITICAL

9.9

CVSS Severity Score

EPSS Score58.8920%

EPSS Percentile96.24th

Published2019年3月8日

Last Modified2025年10月24日

Vulnerability Description

A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java, src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with Overall/Read permission to execute arbitrary code on the Jenkins master JVM.

Affected Platforms (CPE)

📦

Jenkins

Script Security

<= 1.53

📦

Redhat

Openshift Container Platform

= 3.11

References & Advisories

🔗 http://packetstormsecurity.com/files/166778/Jenkins-Remote-Code-Execution.html

🔗 http://www.securityfocus.com/bid/107476

🔗 https://access.redhat.com/errata/RHSA-2019:0739

🔗 https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1336%20%281%29

🔗 http://packetstormsecurity.com/files/166778/Jenkins-Remote-Code-Execution.html

🔗 http://www.securityfocus.com/bid/107476

🔗 https://access.redhat.com/errata/RHSA-2019:0739

🔗 https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1336%20%281%29

関連する脆弱性情報

CVE-2003-150910.0

Real Networks RealOne Enterprise Desktop 6.0.11.774, RealOne Player 2.0, and RealOne Player 6.0.11.818 through RealOne Player 6.0....

CVE-2006-567510.0

Multiple unspecified vulnerabilities in Pentaho Business Intelligence (BI) Suite before 1.2 RC3 (1.2.0.470-RC3) have unknown impac...

CVE-2002-136110.0

overflow.cgi CGI script in Sun Cobalt RaQ 4 with the SHP (Security Hardening Patch) installed allows remote attackers to execute a...

CVE-2009-395610.0

The default configuration of Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, does not enable ...