PT-2019-2637 · Jenkins · Jenkins Pipeline Remote Loader Plugin+1

Jesse Glick · Published 2019-05-31 · Updated 2023-10-25 · CVE-2019-10328

CVSS v3.1: 9.9 Critical

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Jenkins Pipeline Remote Loader Plugin versions 1.4 and earlier

Description: The issue is in the custom script security whitelist of the Jenkins Pipeline Remote Loader Plugin, which allowed a remote attacker to invoke arbitrary methods and bypass the typical sandbox protection.

Recommendations: For Jenkins Pipeline Remote Loader Plugin versions 1.4 and earlier, update to version 1.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's script security features until a patch is applied.

Fix

Weakness Enumeration

Protection Mechanism Failure

Related Identifiers

BDU:2019-02523
CVE-2019-10328
GHSA-V558-FHW2-V46W
RHSA-2019:1636

Affected Products

Jenkins
Jenkins Pipeline Remote Loader Plugin