CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2019-1003032

CRITICAL
9.9
CVSS Severity Score
EPSS Score0.0070%
EPSS Percentile0.07th
Published2019年3月8日
Last Modified2024年11月21日

Vulnerability Description

A sandbox bypass vulnerability exists in Jenkins Email Extension Plugin 2.64 and earlier in pom.xml, src/main/java/hudson/plugins/emailext/ExtendedEmailPublisher.java, src/main/java/hudson/plugins/emailext/plugins/content/EmailExtScript.java, src/main/java/hudson/plugins/emailext/plugins/content/ScriptContent.java, src/main/java/hudson/plugins/emailext/plugins/trigger/AbstractScriptTrigger.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM.

Affected Platforms (CPE)

📦
Jenkins

Email Extension

<= 2.64

References & Advisories

🔗 http://www.securityfocus.com/bid/107476
🔗 https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1340
🔗 http://www.securityfocus.com/bid/107476
🔗 https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1340

相關漏洞威脅

CVE-2017-234310.0

The Integrated User Firewall (UserFW) feature was introduced in Junos OS version 12.1X47-D10 on the Juniper SRX Series devices to ...

CVE-2017-144828.8

GNU Emacs before 25.3 allows remote attackers to execute arbitrary code via email with crafted "Content-Type: text/enriched" data ...

CVE-2019-196808.8

A file-extension filtering vulnerability in Proofpoint Enterprise Protection (PPS / PoD), in the unpatched versions of PPS through...

CVE-2018-154538.6

A vulnerability in the Secure/Multipurpose Internet Mail Extensions (S/MIME) Decryption and Verification or S/MIME Public Key Harv...