CVE-2019-1003029

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2019-1003029

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-1003029.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2019-1003029

Aliases

GHSA-xvxq-hq48-xphm

Downstream

RHSA-2019:0739

Published

2019-03-08T21:29:00.297Z

Modified

2026-04-11T12:09:56.061330Z

Severity

9.9 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java, src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with Overall/Read permission to execute arbitrary code on the Jenkins master JVM.

Database specific

{
    "unresolved_ranges": [
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "3.11"
                }
            ]
        }
    ]
}

References

Affected packages

Git / github.com/jenkinsci/script-security-plugin

Affected ranges

Type

GIT

Repo

https://github.com/jenkinsci/script-security-plugin

Events

Introduced

Last affected

156eacb22bb4a79e06373848945422f5df0981f0

Database specific

{
    "source": "CPE_FIELD",
    "cpe": "cpe:2.3:a:jenkins:script_security:*:*:*:*:*:jenkins:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.53"
        }
    ]
}

Affected versions

script-security-1.*

script-security-1.0

script-security-1.0-beta-1

script-security-1.0-beta-2

script-security-1.0-beta-3

script-security-1.0-beta-4

script-security-1.0-beta-5

script-security-1.0-beta-6

script-security-1.1

script-security-1.10

script-security-1.11

script-security-1.12

script-security-1.13

script-security-1.14

script-security-1.15

script-security-1.16

script-security-1.17

script-security-1.18

script-security-1.19

script-security-1.2

script-security-1.20

script-security-1.21

script-security-1.22

script-security-1.23

script-security-1.24

script-security-1.25

script-security-1.26

script-security-1.27

script-security-1.28

script-security-1.29

script-security-1.3

script-security-1.30

script-security-1.31

script-security-1.32

script-security-1.33

script-security-1.34

script-security-1.35

script-security-1.36

script-security-1.37

script-security-1.38

script-security-1.39

script-security-1.4

script-security-1.40

script-security-1.41

script-security-1.42

script-security-1.43

script-security-1.44

script-security-1.45

script-security-1.46

script-security-1.47

script-security-1.48

script-security-1.49

script-security-1.5

script-security-1.50

script-security-1.51

script-security-1.52

script-security-1.53

script-security-1.6

script-security-1.7

script-security-1.8

script-security-1.9

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-1003029.json"