PT-2019-11852 · Puppet · Jenkins Puppet Enterprise Pipeline
Jesse Glick · Published 2019-10-16 · Updated 2023-10-25 · CVE-2019-10458
CVSS v3.1: 9.9 (Critical)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Jenkins Puppet Enterprise Pipeline versions 1.3.1 and earlier
Description
The issue allows attackers to execute arbitrary code if they can execute Script Security protected scripts, due to unsafe values specified in the custom Script Security whitelist.
Recommendations
For Jenkins Puppet Enterprise Pipeline versions 1.3.1 and earlier, update to a version later than 1.3.1 to resolve the issue.
Fix
Incorrect Authorization
Related Identifiers
Affected Products
Jenkins
Jenkins Puppet Enterprise Pipeline