Vulnerabilities > CVE-2019-1003041 - Unsafe Reflection vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plugin 2.64 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 109 | |
Application | 1 |
Common Weakness Enumeration (CWE)
Nessus
NASL family | Red Hat Local Security Checks |
NASL id | REDHAT-RHSA-2019-1423.NASL |
description | An update for jenkins-2-plugins is now available for Red Hat OpenShift Container Platform 3.11. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat OpenShift Container Platform is Red Hat |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 125806 |
published | 2019-06-11 |
reporter | This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/125806 |
title | RHEL 7 : Red Hat OpenShift Container Platform 3.11 jenkins-2-plugins (RHSA-2019:1423) |
Redhat
advisories |
| ||||
rpms | jenkins-2-plugins-0:3.11.1553788831-1.el7 |