Jenkins Puppet Enterprise Pipeline 1.3.1 and earlier specifies unsafe values in its custom Script Security whitelist, allowing attackers able to execute Script Security protected scripts to execute arbitrary code.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: jenkins

Published: 2019-10-16T13:00:54

Updated: 2024-08-04T22:24:18.522Z

Reserved: 2019-03-29T00:00:00

Link: CVE-2019-10458

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2019-10-16T14:15:13.607

Modified: 2024-11-21T04:19:10.913

Link: CVE-2019-10458

cve-icon Redhat

No data.