CVE-2019-1003040 - Unsafe Reflection vulnerability in multiple products
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | HIGH |
Integrity impact | HIGH |
Availability impact | HIGH |
Summary
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.55 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family | Red Hat Local Security Checks |
NASL id | REDHAT-RHSA-2019-1423.NASL |
description | An update for jenkins-2-plugins is now available for Red Hat OpenShift Container Platform 3.11. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat OpenShift Container Platform is Red Hat |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 125806 |
published | 2019-06-11 |
reporter | This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/125806 |
title | RHEL 7 : Red Hat OpenShift Container Platform 3.11 jenkins-2-plugins (RHSA-2019:1423) |
Redhat
rpms | jenkins-2-plugins-0:3.11.1553788831-1.el7 |
References
- http://www.openwall.com/lists/oss-security/2019/03/28/2
- http://www.securityfocus.com/bid/107628
- https://access.redhat.com/errata/RHSA-2019:1423
- https://jenkins.io/security/advisory/2019-03-25/#SECURITY-1353