CVE-2019-1003030

Name of the Vulnerable Software and Affected Versions Jenkins Pipeline: Groovy Plugin versions 2.63 and earlier

Description A sandbox bypass issue exists that allows attackers who can control pipeline scripts to execute arbitrary code on the Jenkins master JVM. The vulnerability is related to errors in handling input data during code syntax analysis in components such as pom.xml and CpsGroovyShell.java. This could enable a remote attacker to bypass sandbox restrictions and execute arbitrary code.

Recommendations For Jenkins Pipeline: Groovy Plugin versions 2.63 and earlier, update to a version later than 2.63 to resolve the issue. As a temporary workaround, consider restricting access to the Jenkins master JVM to minimize the risk of exploitation.