Vulnerabilities > CVE-2019-1003040 - Unsafe Reflection vulnerability in multiple products

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

jenkins

redhat

CWE-470

critical

nessus

NVD

Published: 2019-03-28

Updated: 2023-10-25

Summary

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.55 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts.

Vulnerable Configurations

Part	Description	Count
Application	Jenkins Jenkins Script Security 1.0 Jenkins Script Security 1.1 Jenkins Script Security 1.2 Jenkins Script Security 1.3 Jenkins Script Security 1.4 Jenkins Script Security 1.5 Jenkins Script Security 1.6 Jenkins Script Security 1.7 Jenkins Script Security 1.8 Jenkins Script Security 1.9 Jenkins Script Security 1.10 Jenkins Script Security 1.11 Jenkins Script Security 1.12 Jenkins Script Security 1.13 Jenkins Script Security 1.14 Jenkins Script Security 1.15 Jenkins Script Security 1.16 Jenkins Script Security 1.17 Jenkins Script Security 1.18 Jenkins Script Security 1.18.1 Jenkins Script Security 1.19 Jenkins Script Security 1.20 Jenkins Script Security 1.21 Jenkins Script Security 1.22 Jenkins Script Security 1.23 Jenkins Script Security 1.24 Jenkins Script Security 1.25 Jenkins Script Security 1.26 Jenkins Script Security 1.27 Jenkins Script Security 1.28 Jenkins Script Security 1.29 Jenkins Script Security 1.29.1 Jenkins Script Security 1.30 Jenkins Script Security 1.31 Jenkins Script Security 1.32 Jenkins Script Security 1.33 Jenkins Script Security 1.34 Jenkins Script Security 1.35 Jenkins Script Security 1.36 Jenkins Script Security 1.37 Jenkins Script Security 1.38 Jenkins Script Security 1.39 Jenkins Script Security 1.40 Jenkins Script Security 1.41 Jenkins Script Security 1.42 Jenkins Script Security 1.43 Jenkins Script Security 1.44 Jenkins Script Security 1.44.1 Jenkins Script Security 1.45 Jenkins Script Security 1.46 Jenkins Script Security 1.46.1 Jenkins Script Security 1.47 Jenkins Script Security 1.48 Jenkins Script Security 1.49 Jenkins Script Security 1.50 Jenkins Script Security 1.51 Jenkins Script Security 1.52 Jenkins Script Security 1.53 Jenkins Script Security 1.54 Jenkins Script Security 1.54.1 Jenkins Script Security 1.54.2 Jenkins Script Security 1.54.3 Jenkins Script Security 1.54.4 Jenkins Script Security 1.55	71
Application	Redhat Redhat Openshift Container Platform 3.11	1

Common Weakness Enumeration (CWE)

CWE-470 - Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

Nessus

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2019-1423.NASL
description	An update for jenkins-2-plugins is now available for Red Hat OpenShift Container Platform 3.11. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat OpenShift Container Platform is Red Hat
last seen	2020-06-01
modified	2020-06-02
plugin id	125806
published	2019-06-11
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/125806
title	RHEL 7 : Red Hat OpenShift Container Platform 3.11 jenkins-2-plugins (RHSA-2019:1423)

Redhat

advisories

rhsa

id	RHSA-2019:1423

rpms

jenkins-2-plugins-0:3.11.1553788831-1.el7

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

Redhat

References