9.9
CVE-2019-1003030
- EPSS 93.01%
- Published 08.03.2019 21:29:00
- Last modified 20.02.2025 18:04:29
- Source jenkinsci-cert@googlegroups.co
- Teams watchlist Login
- Open Login
A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plugin 2.63 and earlier in pom.xml, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShell.java that allows attackers able to control pipeline scripts to execute arbitrary code on the Jenkins master JVM.
Data is provided by the National Vulnerability Database (NVD)
Jenkins ≫ Pipeline: Groovy SwPlatformjenkins Version <= 2.63
Redhat ≫ Openshift Container Platform Version3.11
25.03.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog
Jenkins Matrix Project Plugin Remote Code Execution Vulnerability
VulnerabilityJenkins Matrix Project plugin contains a vulnerability which can allow users to escape the sandbox, opening opportunity to perform remote code execution.
DescriptionApply updates per vendor instructions.
Required actions| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 93.01% | 0.998 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 9.9 | 3.1 | 6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
|
| nvd@nist.gov | 6.5 | 8 | 6.4 |
AV:N/AC:L/Au:S/C:P/I:P/A:P
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.9 | 3.1 | 6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
|
CWE-693 Protection Mechanism Failure
The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.