Description
A sandbox bypass vulnerability exists in Jenkins Job DSL Plugin 1.71 and earlier in job-dsl-core/src/main/groovy/javaposse/jobdsl/dsl/AbstractDslScriptLoader.groovy, job-dsl-plugin/build.gradle, job-dsl-plugin/src/main/groovy/javaposse/jobdsl/plugin/JobDslWhitelist.groovy, job-dsl-plugin/src/main/groovy/javaposse/jobdsl/plugin/SandboxDslScriptLoader.groovy that allows attackers with control over Job DSL definitions to execute arbitrary code on the Jenkins master JVM.
Published: 2019-03-08
Score: 9.9 Critical
EPSS: 1.8% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

No analysis available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2022-2645 A sandbox bypass vulnerability exists in Jenkins Job DSL Plugin 1.71 and earlier in job-dsl-core/src/main/groovy/javaposse/jobdsl/dsl/AbstractDslScriptLoader.groovy, job-dsl-plugin/build.gradle, job-dsl-plugin/src/main/groovy/javaposse/jobdsl/plugin/JobDslWhitelist.groovy, job-dsl-plugin/src/main/groovy/javaposse/jobdsl/plugin/SandboxDslScriptLoader.groovy that allows attackers with control over Job DSL definitions to execute arbitrary code on the Jenkins master JVM.
Github GHSA Github GHSA GHSA-5r74-pgmq-92mm Script security sandbox bypass in Jenkins Job DSL Plugin
History

No history.

Subscriptions

Jenkins Job Dsl
Redhat Openshift Openshift Container Platform
cve-icon MITRE

Status: PUBLISHED

Assigner: jenkins

Published:

Updated: 2024-08-05T03:07:16.812Z

Reserved: 2019-03-08T00:00:00.000Z

Link: CVE-2019-1003034

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2019-03-08T21:29:00.500

Modified: 2024-11-21T04:17:46.813

Link: CVE-2019-1003034

cve-icon Redhat

Severity : Important

Publid Date: 2019-03-06T00:00:00Z

Links: CVE-2019-1003034 - Bugzilla

cve-icon OpenCVE Enrichment

No data.

Weaknesses