{"containers": {"cna": {"affected": [{"product": "Pipeline: Groovy Plugin", "vendor": "Jenkins project", "versions": [{"status": "affected", "version": "2.61 and earlier"}]}], "dateAssigned": "2019-01-21T00:00:00", "datePublic": "2019-01-22T00:00:00", "descriptions": [{"lang": "en", "value": "A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.61 and earlier in src/main/java/org/jenkinsci/plugins/workflow/cps/CpsFlowDefinition.java, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShellFactory.java that allows attackers with Overall/Read permission to provide a pipeline script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM."}], "providerMetadata": {"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "shortName": "jenkins", "dateUpdated": "2023-10-24T16:44:30.641Z"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://jenkins.io/security/advisory/2019-01-08/#SECURITY-1266"}, {"name": "RHBA-2019:0326", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHBA-2019:0326"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/152132/Jenkins-ACL-Bypass-Metaprogramming-Remote-Code-Execution.html"}, {"tags": ["x_refsource_MISC"], "url": "http://www.rapid7.com/db/modules/exploit/multi/http/jenkins_metaprogramming"}, {"name": "46572", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/46572/"}, {"name": "RHBA-2019:0327", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHBA-2019:0327"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "jenkinsci-cert@googlegroups.com", "DATE_ASSIGNED": "2019-01-21T18:56:51.575446", "ID": "CVE-2019-1003001", "REQUESTER": "ml@beckweb.net", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Pipeline: Groovy Plugin", "version": {"version_data": [{"version_value": "2.61 and earlier"}]}}]}, "vendor_name": "Jenkins project"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.61 and earlier in src/main/java/org/jenkinsci/plugins/workflow/cps/CpsFlowDefinition.java, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShellFactory.java that allows attackers with Overall/Read permission to provide a pipeline script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-693"}]}]}, "references": {"reference_data": [{"name": "https://jenkins.io/security/advisory/2019-01-08/#SECURITY-1266", "refsource": "CONFIRM", "url": "https://jenkins.io/security/advisory/2019-01-08/#SECURITY-1266"}, {"name": "RHBA-2019:0326", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHBA-2019:0326"}, {"name": "http://packetstormsecurity.com/files/152132/Jenkins-ACL-Bypass-Metaprogramming-Remote-Code-Execution.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/152132/Jenkins-ACL-Bypass-Metaprogramming-Remote-Code-Execution.html"}, {"name": "http://www.rapid7.com/db/modules/exploit/multi/http/jenkins_metaprogramming", "refsource": "MISC", "url": "http://www.rapid7.com/db/modules/exploit/multi/http/jenkins_metaprogramming"}, {"name": "46572", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/46572/"}, {"name": "RHBA-2019:0327", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHBA-2019:0327"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T03:00:19.299Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://jenkins.io/security/advisory/2019-01-08/#SECURITY-1266"}, {"name": "RHBA-2019:0326", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHBA-2019:0326"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/152132/Jenkins-ACL-Bypass-Metaprogramming-Remote-Code-Execution.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.rapid7.com/db/modules/exploit/multi/http/jenkins_metaprogramming"}, {"name": "46572", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/46572/"}, {"name": "RHBA-2019:0327", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHBA-2019:0327"}]}]}, "cveMetadata": {"assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "assignerShortName": "jenkins", "cveId": "CVE-2019-1003001", "datePublished": "2019-01-22T14:00:00", "dateReserved": "2019-01-22T00:00:00", "dateUpdated": "2024-08-05T03:00:19.299Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jenkins:pipeline\\:_groovy:*:*:*:*:*:jenkins:*:*", "matchCriteriaId": "6CA30731-D10B-40EB-A6DF-90B2FC6C15B3", "versionEndIncluding": "2.61", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*", "matchCriteriaId": "2F87326E-0B56-4356-A889-73D026DB1D4B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.61 and earlier in src/main/java/org/jenkinsci/plugins/workflow/cps/CpsFlowDefinition.java, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShellFactory.java that allows attackers with Overall/Read permission to provide a pipeline script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM."}, {"lang": "es", "value": "Existe una vulnerabilidad de omisi\u00f3n de sandbox en Pipeline: el plugin Groovy, en la versi\u00f3n 2.61 y anteriores, en src/main/java/org/jenkinsci/plugins/workflow/cps/CpsFlowDefinition.java y src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShellFactory.java permite a los atacantes con permisos de \"Overall/Read\" proporcionar un script \"pipeline\" a un endpoint HTTP que puede resultar en la ejecuci\u00f3n de c\u00f3digo arbitrario enla m\u00e1quina virtual de Java maestra de Jenkins."}], "id": "CVE-2019-1003001", "lastModified": "2024-11-21T04:17:43.027", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-01-22T14:29:00.330", "references": [{"source": "jenkinsci-cert@googlegroups.com", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/152132/Jenkins-ACL-Bypass-Metaprogramming-Remote-Code-Execution.html"}, {"source": "jenkinsci-cert@googlegroups.com", "tags": ["Third Party Advisory"], "url": "http://www.rapid7.com/db/modules/exploit/multi/http/jenkins_metaprogramming"}, {"source": "jenkinsci-cert@googlegroups.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHBA-2019:0326"}, {"source": "jenkinsci-cert@googlegroups.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHBA-2019:0327"}, {"source": "jenkinsci-cert@googlegroups.com", "tags": ["Vendor Advisory"], "url": "https://jenkins.io/security/advisory/2019-01-08/#SECURITY-1266"}, {"source": "jenkinsci-cert@googlegroups.com", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/46572/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/152132/Jenkins-ACL-Bypass-Metaprogramming-Remote-Code-Execution.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.rapid7.com/db/modules/exploit/multi/http/jenkins_metaprogramming"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHBA-2019:0326"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHBA-2019:0327"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://jenkins.io/security/advisory/2019-01-08/#SECURITY-1266"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/46572/"}], "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHBA-2019:0326", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "atomic-enterprise-service-catalog-1:3.11.82-1.git.1673.133961e.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-02-20T00:00:00Z"}, {"advisory": "RHBA-2019:0326", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "atomic-openshift-0:3.11.82-1.git.0.08bc31b.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-02-20T00:00:00Z"}, {"advisory": "RHBA-2019:0326", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "atomic-openshift-cluster-autoscaler-0:3.11.82-1.git.0.efb6af0.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-02-20T00:00:00Z"}, {"advisory": "RHBA-2019:0326", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "atomic-openshift-descheduler-0:3.11.82-1.git.300.89765c9.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-02-20T00:00:00Z"}, {"advisory": "RHBA-2019:0326", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "atomic-openshift-dockerregistry-0:3.11.82-1.git.452.0ce6383.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-02-20T00:00:00Z"}, {"advisory": "RHBA-2019:0326", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "atomic-openshift-metrics-server-0:3.11.82-1.git.52.2fdca3f.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-02-20T00:00:00Z"}, {"advisory": "RHBA-2019:0326", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "atomic-openshift-node-problem-detector-0:3.11.82-1.git.254.a448936.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-02-20T00:00:00Z"}, {"advisory": "RHBA-2019:0326", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "atomic-openshift-service-idler-0:3.11.82-1.git.14.e353758.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-02-20T00:00:00Z"}, {"advisory": "RHBA-2019:0326", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "atomic-openshift-web-console-0:3.11.82-1.git.355.5e8b1d9.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-02-20T00:00:00Z"}, {"advisory": "RHBA-2019:0326", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "golang-github-openshift-oauth-proxy-0:3.11.82-1.git.425.7cac034.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-02-20T00:00:00Z"}, {"advisory": "RHBA-2019:0326", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "golang-github-prometheus-alertmanager-0:3.11.82-1.git.0.3bf41ce.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-02-20T00:00:00Z"}, {"advisory": "RHBA-2019:0326", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "golang-github-prometheus-node_exporter-0:3.11.82-1.git.1063.48444e8.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-02-20T00:00:00Z"}, {"advisory": "RHBA-2019:0326", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "golang-github-prometheus-prometheus-0:3.11.82-1.git.5027.9d24833.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-02-20T00:00:00Z"}, {"advisory": "RHBA-2019:0326", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "haproxy-0:1.8.17-3.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-02-20T00:00:00Z"}, {"advisory": "RHBA-2019:0326", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "jenkins-0:2.150.2.1549032159-1.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-02-20T00:00:00Z"}, {"advisory": "RHBA-2019:0326", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "jenkins-2-plugins-0:3.11.1549642489-1.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-02-20T00:00:00Z"}, {"advisory": "RHBA-2019:0326", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift-ansible-0:3.11.82-3.git.0.9718d0a.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-02-20T00:00:00Z"}, {"advisory": "RHBA-2019:0326", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift-enterprise-autoheal-0:3.11.82-1.git.219.0b5aff4.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-02-20T00:00:00Z"}, {"advisory": "RHBA-2019:0326", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift-enterprise-cluster-capacity-0:3.11.82-1.git.380.cf11c51.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-02-20T00:00:00Z"}], "bugzilla": {"description": "jenkins-plugin-workflow-cps: Sandbox Bypass in Pipeline: Groovy Plugin", "id": "1669505", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1669505"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.8", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-96", "details": ["A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.61 and earlier in src/main/java/org/jenkinsci/plugins/workflow/cps/CpsFlowDefinition.java, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShellFactory.java that allows attackers with Overall/Read permission to provide a pipeline script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM.", "A flaw was found in Jenkins Pipeline. In the Declarative plugin, the script sandbox protection could be circumvented during the script compilation phase by applying AST. Both the pipeline validation REST APIs and the actual script/pipeline execution are affected. This allows users with Overall/Read permissions, or those able to control Jenkinsfile or the sandboxed Pipeline shared library contents in SCM, to bypass sandbox protection and execute arbitrary code on the Jenkins master. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."], "name": "CVE-2019-1003001", "package_state": [{"cpe": "cpe:/a:redhat:openshift:3.10", "fix_state": "Affected", "package_name": "jenkins-plugin-workflow-cps", "product_name": "Red Hat OpenShift Container Platform 3.10"}, {"cpe": "cpe:/a:redhat:openshift:3.2", "fix_state": "Out of support scope", "package_name": "jenkins-plugin-workflow-cps", "product_name": "Red Hat OpenShift Container Platform 3.2"}, {"cpe": "cpe:/a:redhat:openshift:3.3", "fix_state": "Out of support scope", "package_name": "jenkins-plugin-workflow-cps", "product_name": "Red Hat OpenShift Container Platform 3.3"}, {"cpe": "cpe:/a:redhat:openshift:3.4", "fix_state": "Affected", "package_name": "jenkins-plugin-workflow-cps", "product_name": "Red Hat OpenShift Container Platform 3.4"}, {"cpe": "cpe:/a:redhat:openshift:3.5", "fix_state": "Affected", "package_name": "jenkins-plugin-workflow-cps", "product_name": "Red Hat OpenShift Container Platform 3.5"}, {"cpe": "cpe:/a:redhat:openshift:3.6", "fix_state": "Affected", "package_name": "jenkins-plugin-workflow-cps", "product_name": "Red Hat OpenShift Container Platform 3.6"}, {"cpe": "cpe:/a:redhat:openshift:3.7", "fix_state": "Affected", "package_name": "jenkins-plugin-workflow-cps", "product_name": "Red Hat OpenShift Container Platform 3.7"}, {"cpe": "cpe:/a:redhat:openshift:3.9", "fix_state": "Affected", "package_name": "jenkins-plugin-workflow-cps", "product_name": "Red Hat OpenShift Container Platform 3.9"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "jenkins-2-plugins", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2019-01-08T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-1003001\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-1003001\nhttps://jenkins.io/security/advisory/2019-01-08/"], "threat_severity": "Important", "upstream_fix": "workflow-cps-plugin 2.61.1"}