PT-2019-2578 · Jenkins · Jenkins Script Security Plugin+1

Anthony Weems

Publicado

2019-03-25

Atualizado

2023-10-25

CVE-2019-1003040

CVSS v2.0

Crítica

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Jenkins Script Security Plugin versions 1.55 and earlier

Description The issue is related to a sandbox bypass vulnerability in the Jenkins Script Security Plugin, which is caused by incorrect type conversion. This allows a remote attacker to invoke arbitrary constructors in sandboxed scripts.

Recommendations For Jenkins Script Security Plugin versions 1.55 and earlier, update to a version later than 1.55 to resolve the issue.

Correção

Incorrect Type Conversion or Cast

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-470CWE-704

Identificadores relacionados

BDU:2019-02453

CVE-2019-1003040

GHSA-3PV3-JJ4H-P528

RHSA-2019:1423

Produtos afetados

Jenkins

Jenkins Script Security Plugin

PT-2019-2578 · Jenkins · Jenkins Script Security Plugin+1

CVE-2019-1003040

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 12