PT-2019-2579 · Jenkins · Jenkins Pipeline: Groovy Plugin+1
Anthony Weems
·
Published
2019-03-25
·
Updated
2023-10-25
·
CVE-2019-1003041
CVSS v3.1
10
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Jenkins Pipeline: Groovy Plugin versions 2.64 and earlier
Description
The issue is related to a sandbox bypass vulnerability in the Jenkins Pipeline: Groovy Plugin, which is associated with incorrect type conversion. This allows attackers to invoke arbitrary constructors in sandboxed scripts, potentially enabling remote attackers to execute malicious actions.
Recommendations
For Jenkins Pipeline: Groovy Plugin versions 2.64 and earlier, update to a version later than 2.64 to resolve the issue.
Fix
Incorrect Type Conversion or Cast
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Jenkins
Jenkins Pipeline: Groovy Plugin