CVE-2019-1003034

A sandbox bypass vulnerability exists in Jenkins Job DSL Plugin 1.71 and earlier in job-dsl-core/src/main/groovy/javaposse/jobdsl/dsl/AbstractDslScriptLoader.groovy, job-dsl-plugin/build.gradle, job-dsl-plugin/src/main/groovy/javaposse/jobdsl/plugin/JobDslWhitelist.groovy, job-dsl-plugin/src/main/groovy/javaposse/jobdsl/plugin/SandboxDslScriptLoader.groovy that allows attackers with control over Job DSL definitions to execute arbitrary code on the Jenkins master JVM.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:jenkins:job_dsl:*:*:*:*:*:jenkins:*:*

Configuration 2 (hide)

cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*

Information

Published : 2019-03-08 13:29

Updated : 2020-09-30 05:55


NVD link : CVE-2019-1003034

Mitre link : CVE-2019-1003034


JSON object : View

Advertisement

dedicated server usa

Products Affected

redhat

  • openshift_container_platform

jenkins

  • job_dsl