Vulnerability Description
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of method pointer expressions allowed attackers to execute arbitrary code in sandboxed scripts.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Jenkins | Script Security | <= 1.61 |
| Redhat | Openshift Container Platform | 3.11 |
References
- http://www.openwall.com/lists/oss-security/2019/07/31/1Mailing ListThird Party Advisory
- https://access.redhat.com/errata/RHSA-2019:2594Third Party Advisory
- https://access.redhat.com/errata/RHSA-2019:2651Third Party Advisory
- https://access.redhat.com/errata/RHSA-2019:2662Third Party Advisory
- https://jenkins.io/security/advisory/2019-07-31/#SECURITY-1465%20%282%29
- http://www.openwall.com/lists/oss-security/2019/07/31/1Mailing ListThird Party Advisory
- https://access.redhat.com/errata/RHSA-2019:2594Third Party Advisory
- https://access.redhat.com/errata/RHSA-2019:2651Third Party Advisory
- https://access.redhat.com/errata/RHSA-2019:2662Third Party Advisory
- https://jenkins.io/security/advisory/2019-07-31/#SECURITY-1465%20%282%29
FAQ
What is CVE-2019-10356?
CVE-2019-10356 is a vulnerability with a CVSS score of 8.8 (HIGH). A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of method pointer expressions allowed attackers to execute arbitrary code in sandboxed scripts...
How severe is CVE-2019-10356?
CVE-2019-10356 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-10356?
Check the references section above for vendor advisories and patch information. Affected products include: Jenkins Script Security, Redhat Openshift Container Platform.