CVE-2019-1003032

Name of the Vulnerable Software and Affected Versions: Jenkins Email Extension Plugin versions 2.64 and earlier

Description: A sandbox bypass issue exists that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM. The issue is related to files such as pom.xml, ExtendedEmailPublisher.java, EmailExtScript.java, ScriptContent.java, and AbstractScriptTrigger.java.

Recommendations: For Jenkins Email Extension Plugin versions 2.64 and earlier, update to a version later than 2.64 to resolve the issue. As a temporary workaround, consider restricting Job/Configure permissions to minimize the risk of exploitation.