9.9
CVE-2019-10458
- EPSS 0.33%
- Published 16.10.2019 14:15:13
- Last modified 21.11.2024 04:19:10
- Source jenkinsci-cert@googlegroups.co
- Teams watchlist Login
- Open Login
Jenkins Puppet Enterprise Pipeline 1.3.1 and earlier specifies unsafe values in its custom Script Security whitelist, allowing attackers able to execute Script Security protected scripts to execute arbitrary code.
Data is provided by the National Vulnerability Database (NVD)
Jenkins ≫ Puppet Enterprise Pipeline SwPlatformjenkins Version <= 1.3.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.33% | 0.525 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 9.9 | 3.1 | 6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
|
nvd@nist.gov | 6.5 | 8 | 6.4 |
AV:N/AC:L/Au:S/C:P/I:P/A:P
|