Vulnerabilities > CVE-2019-1003041 - Unsafe Reflection vulnerability in multiple products

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
jenkins
redhat
CWE-470
critical
nessus

Summary

A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plugin 2.64 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts.

Vulnerable Configurations

Part Description Count
Application
Jenkins
109
Application
Redhat
1

Nessus

NASL familyRed Hat Local Security Checks
NASL idREDHAT-RHSA-2019-1423.NASL
descriptionAn update for jenkins-2-plugins is now available for Red Hat OpenShift Container Platform 3.11. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat OpenShift Container Platform is Red Hat
last seen2020-06-01
modified2020-06-02
plugin id125806
published2019-06-11
reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/125806
titleRHEL 7 : Red Hat OpenShift Container Platform 3.11 jenkins-2-plugins (RHSA-2019:1423)

Redhat

advisories
rhsa
idRHSA-2019:1423
rpmsjenkins-2-plugins-0:3.11.1553788831-1.el7