Vulnerability Description
A sandbox bypass vulnerability in Jenkins ontrack Plugin 3.4 and earlier allowed attackers with control over ontrack DSL definitions to execute arbitrary code on the Jenkins master JVM.
CVSS Score
9.9
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Jenkins | Ontrack | <= 3.4 |
References
- http://www.securityfocus.com/bid/108045Third Party AdvisoryVDB Entry
- https://jenkins.io/security/advisory/2019-04-17/#SECURITY-1341Vendor Advisory
- http://www.securityfocus.com/bid/108045Third Party AdvisoryVDB Entry
- https://jenkins.io/security/advisory/2019-04-17/#SECURITY-1341Vendor Advisory
FAQ
What is CVE-2019-10306?
CVE-2019-10306 is a vulnerability with a CVSS score of 9.9 (CRITICAL). A sandbox bypass vulnerability in Jenkins ontrack Plugin 3.4 and earlier allowed attackers with control over ontrack DSL definitions to execute arbitrary code on the Jenkins master JVM.
How severe is CVE-2019-10306?
CVE-2019-10306 has been rated CRITICAL with a CVSS base score of 9.9/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-10306?
Check the references section above for vendor advisories and patch information. Affected products include: Jenkins Ontrack.