CyberSec.Space Logo
CVEブラウザに戻る

CVE-2019-10418

CRITICAL
9.9
CVSS Severity Score
EPSS Score0.0630%
EPSS Percentile5.75th
Published2019年9月25日
Last Modified2024年11月21日

Vulnerability Description

Jenkins Kubernetes :: Pipeline :: Arquillian Steps Plugin provides a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection.

Affected Platforms (CPE)

📦
Jenkins

Kubernetes Pipeline

<= 1.6

References & Advisories

🔗 http://www.openwall.com/lists/oss-security/2019/09/25/3
🔗 https://jenkins.io/security/advisory/2019-09-25/#SECURITY-920%20%282%29
🔗 http://www.openwall.com/lists/oss-security/2019/09/25/3
🔗 https://jenkins.io/security/advisory/2019-09-25/#SECURITY-920%20%282%29

関連する脆弱性情報

CVE-2019-104179.9

Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin provides a custom whitelist for script security that allowed attackers t...

CVE-2021-412548.8

kustomize-controller is a Kubernetes operator, specialized in running continuous delivery pipelines for infrastructure and workloa...

CVE-2026-409246.5

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to ...

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...