PT-2019-11852 · Puppet+1 · Jenkins Puppet Enterprise Pipeline+1

Jesse Glick · Published 2019-10-16 · Updated 2023-10-25 · CVE-2019-10458

CVSS v3.1: 9.9 (Critical)

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Jenkins Puppet Enterprise Pipeline versions 1.3.1 and earlier

Description

The issue allows attackers to execute arbitrary code if they can execute Script Security protected scripts, due to unsafe values specified in the custom Script Security whitelist.

Recommendations

For Jenkins Puppet Enterprise Pipeline versions 1.3.1 and earlier, update to a version later than 1.3.1 to resolve the issue.

Fix

Incorrect Authorization

Weakness Enumeration

Related Identifiers

CVE-2019-10458
GHSA-MJ9C-VJP9-PGGH

Affected Products

Jenkins
Jenkins Puppet Enterprise Pipeline