4.9
CVE-2019-10400
- EPSS 0.22%
- Veröffentlicht 12.09.2019 14:15:11
- Zuletzt bearbeitet 21.11.2024 04:19:03
- Quelle jenkinsci-cert@googlegroups.co
- CVE-Watchlists
- Unerledigt
LoginA sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of subexpressions in increment and decrement expressions not involving actual assignment allowed attackers to execute arbitrary code in sandboxed scripts.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Jenkins ≫ Script Security SwPlatformjenkins Version <= 1.62
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.22% | 0.417 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.2 | 1.6 | 2.5 |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
|
| nvd@nist.gov | 4.9 | 6.8 | 4.9 |
AV:N/AC:M/Au:S/C:P/I:P/A:N
|