CVE-2019-10431 - OpenCVE

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.64 and earlier related to the handling of default parameter expressions in constructors allowed attackers to execute arbitrary code in sandboxed scripts.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Jenkins	Script Security

Configuration 1 [-]

cpe:2.3:a:jenkins:script_security:*:*:*:*:*:jenkins:*:*

References

Link	Resource
http://www.openwall.com/lists/oss-security/2019/10/01/2	Mailing List Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:4055
https://access.redhat.com/errata/RHSA-2019:4089
https://access.redhat.com/errata/RHSA-2019:4097
https://jenkins.io/security/advisory/2019-10-01/#SECURITY-1579	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: jenkins

Published: 2019-10-01T13:45:19

Updated: 2023-10-24T16:49:30.101Z

Reserved: 2019-03-29T00:00:00

Link: CVE-2019-10431

JSON object: View

NVD Information

Status : Modified

Published: 2019-10-01T14:15:18.507

Modified: 2023-10-25T18:16:22.970

Link: CVE-2019-10431

JSON object: View

Redhat Information

No data.

CWE

CWE-94

{"containers": {"cna": {"affected": [{"product": "Jenkins Script Security Plugin", "vendor": "Jenkins project", "versions": [{"status": "affected", "version": "1.64 and earlier"}]}], "descriptions": [{"lang": "en", "value": "A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.64 and earlier related to the handling of default parameter expressions in constructors allowed attackers to execute arbitrary code in sandboxed scripts."}], "providerMetadata": {"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "shortName": "jenkins", "dateUpdated": "2023-10-24T16:49:30.101Z"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://jenkins.io/security/advisory/2019-10-01/#SECURITY-1579"}, {"name": "[oss-security] 20191001 Multiple vulnerabilities in Jenkins plugins", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2019/10/01/2"}, {"name": "RHSA-2019:4097", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:4097"}, {"name": "RHSA-2019:4055", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:4055"}, {"name": "RHSA-2019:4089", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:4089"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "jenkinsci-cert@googlegroups.com", "ID": "CVE-2019-10431", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Jenkins Script Security Plugin", "version": {"version_data": [{"version_value": "1.64 and earlier"}]}}]}, "vendor_name": "Jenkins project"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.64 and earlier related to the handling of default parameter expressions in constructors allowed attackers to execute arbitrary code in sandboxed scripts."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-265"}]}]}, "references": {"reference_data": [{"name": "https://jenkins.io/security/advisory/2019-10-01/#SECURITY-1579", "refsource": "CONFIRM", "url": "https://jenkins.io/security/advisory/2019-10-01/#SECURITY-1579"}, {"name": "[oss-security] 20191001 Multiple vulnerabilities in Jenkins plugins", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/10/01/2"}, {"name": "RHSA-2019:4097", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:4097"}, {"name": "RHSA-2019:4055", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:4055"}, {"name": "RHSA-2019:4089", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:4089"}]}}}}, "cveMetadata": {"assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "assignerShortName": "jenkins", "cveId": "CVE-2019-10431", "datePublished": "2019-10-01T13:45:19", "dateReserved": "2019-03-29T00:00:00", "dateUpdated": "2023-10-24T16:49:30.101Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jenkins:script_security:*:*:*:*:*:jenkins:*:*", "matchCriteriaId": "0519D75C-7469-4020-8F82-7DDA2AAF0DBB", "versionEndIncluding": "1.64", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.64 and earlier related to the handling of default parameter expressions in constructors allowed attackers to execute arbitrary code in sandboxed scripts."}, {"lang": "es", "value": "Una vulnerabilidad de omisi\u00f3n del sandbox en Jenkins Script Security Plugin versi\u00f3n 1.64 y anteriores, relacionada con el manejo de expresiones de par\u00e1metros predeterminados en constructores permiti\u00f3 a los atacantes ejecutar c\u00f3digo arbitrario en scripts del sandbox."}], "id": "CVE-2019-10431", "lastModified": "2023-10-25T18:16:22.970", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-10-01T14:15:18.507", "references": [{"source": "jenkinsci-cert@googlegroups.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2019/10/01/2"}, {"source": "jenkinsci-cert@googlegroups.com", "url": "https://access.redhat.com/errata/RHSA-2019:4055"}, {"source": "jenkinsci-cert@googlegroups.com", "url": "https://access.redhat.com/errata/RHSA-2019:4089"}, {"source": "jenkinsci-cert@googlegroups.com", "url": "https://access.redhat.com/errata/RHSA-2019:4097"}, {"source": "jenkinsci-cert@googlegroups.com", "tags": ["Vendor Advisory"], "url": "https://jenkins.io/security/advisory/2019-10-01/#SECURITY-1579"}], "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}]}