CVE-2019-1003024

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2019-1003024

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-1003024.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2019-1003024

Aliases

GHSA-jgpm-2862-q5m8

Downstream

RHSA-2019:0739

Published

2019-02-20T21:29:00.270Z

Modified

2026-04-11T12:09:56.093846Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.52 and earlier in RejectASTTransformsCustomizer.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM.

Database specific

{
    "unresolved_ranges": [
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "3.11"
                }
            ]
        }
    ]
}

References

Affected packages

Git / github.com/jenkinsci/script-security-plugin

Affected ranges

Type

GIT

Repo

https://github.com/jenkinsci/script-security-plugin

Events

Introduced

Last affected

8bd2c37bf915ea1d971411e93feb09407a23705f

Database specific

{
    "source": "CPE_FIELD",
    "cpe": "cpe:2.3:a:jenkins:script_security:*:*:*:*:*:jenkins:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.52"
        }
    ]
}

Affected versions

script-security-1.*

script-security-1.0

script-security-1.0-beta-1

script-security-1.0-beta-2

script-security-1.0-beta-3

script-security-1.0-beta-4

script-security-1.0-beta-5

script-security-1.0-beta-6

script-security-1.1

script-security-1.10

script-security-1.11

script-security-1.12

script-security-1.13

script-security-1.14

script-security-1.15

script-security-1.16

script-security-1.17

script-security-1.18

script-security-1.19

script-security-1.2

script-security-1.20

script-security-1.21

script-security-1.22

script-security-1.23

script-security-1.24

script-security-1.25

script-security-1.26

script-security-1.27

script-security-1.28

script-security-1.29

script-security-1.3

script-security-1.30

script-security-1.31

script-security-1.32

script-security-1.33

script-security-1.34

script-security-1.35

script-security-1.36

script-security-1.37

script-security-1.38

script-security-1.39

script-security-1.4

script-security-1.40

script-security-1.41

script-security-1.42

script-security-1.43

script-security-1.44

script-security-1.45

script-security-1.46

script-security-1.47

script-security-1.48

script-security-1.49

script-security-1.5

script-security-1.50

script-security-1.51

script-security-1.52

script-security-1.6

script-security-1.7

script-security-1.8

script-security-1.9

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-1003024.json"