Vulnerability Description
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of type casts allowed attackers to execute arbitrary code in sandboxed scripts.
CVSS Score
8.8
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Jenkins | Script Security | <= 1.61 |
| Redhat | Openshift Container Platform | 3.11 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2019/07/31/1Mailing ListThird Party Advisory
- https://access.redhat.com/errata/RHSA-2019:2594Third Party Advisory
- https://access.redhat.com/errata/RHSA-2019:2651Third Party Advisory
- https://access.redhat.com/errata/RHSA-2019:2662Third Party Advisory
- https://jenkins.io/security/advisory/2019-07-31/#SECURITY-1465%20%281%29
- http://www.openwall.com/lists/oss-security/2019/07/31/1Mailing ListThird Party Advisory
- https://access.redhat.com/errata/RHSA-2019:2594Third Party Advisory
- https://access.redhat.com/errata/RHSA-2019:2651Third Party Advisory
- https://access.redhat.com/errata/RHSA-2019:2662Third Party Advisory
- https://jenkins.io/security/advisory/2019-07-31/#SECURITY-1465%20%281%29
FAQ
What is CVE-2019-10355?
CVE-2019-10355 is a vulnerability with a CVSS score of 8.8 (HIGH). A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of type casts allowed attackers to execute arbitrary code in sandboxed scripts.
How severe is CVE-2019-10355?
CVE-2019-10355 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-10355?
Check the references section above for vendor advisories and patch information. Affected products include: Jenkins Script Security, Redhat Openshift Container Platform.