CVE-2019-1003031

Name of the Vulnerable Software and Affected Versions Jenkins Matrix Project Plugin versions 1.13 and earlier

Description A sandbox bypass issue exists, related to errors in input data processing during code parsing in components such as pom.xml and FilterScript.java. This allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM. The issue can be exploited by a remote attacker to bypass sandbox restrictions and execute arbitrary code.

Recommendations For Jenkins Matrix Project Plugin versions 1.13 and earlier, consider restricting access to the FilterScript.java component until a patch is available. As a temporary workaround, limit Job/Configure permissions to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.