{"containers": {"cna": {"affected": [{"product": "Jenkins Script Security Plugin", "vendor": "Jenkins project", "versions": [{"status": "affected", "version": "1.52 and earlier"}]}], "dateAssigned": "2019-02-19T00:00:00", "datePublic": "2019-02-20T00:00:00", "descriptions": [{"lang": "en", "value": "A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.52 and earlier in RejectASTTransformsCustomizer.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM."}], "providerMetadata": {"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "shortName": "jenkins", "dateUpdated": "2023-10-24T16:44:58.030Z"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://jenkins.io/security/advisory/2019-02-19/#SECURITY-1320"}, {"name": "107295", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/107295"}, {"name": "RHSA-2019:0739", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:0739"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "jenkinsci-cert@googlegroups.com", "DATE_ASSIGNED": "2019-02-19T22:20:51.846360", "ID": "CVE-2019-1003024", "REQUESTER": "ml@beckweb.net", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Jenkins Script Security Plugin", "version": {"version_data": [{"version_value": "1.52 and earlier"}]}}]}, "vendor_name": "Jenkins project"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.52 and earlier in RejectASTTransformsCustomizer.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-693"}]}]}, "references": {"reference_data": [{"name": "https://jenkins.io/security/advisory/2019-02-19/#SECURITY-1320", "refsource": "CONFIRM", "url": "https://jenkins.io/security/advisory/2019-02-19/#SECURITY-1320"}, {"name": "107295", "refsource": "BID", "url": "http://www.securityfocus.com/bid/107295"}, {"name": "RHSA-2019:0739", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:0739"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T03:00:19.284Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://jenkins.io/security/advisory/2019-02-19/#SECURITY-1320"}, {"name": "107295", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/107295"}, {"name": "RHSA-2019:0739", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:0739"}]}]}, "cveMetadata": {"assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "assignerShortName": "jenkins", "cveId": "CVE-2019-1003024", "datePublished": "2019-02-20T21:00:00", "dateReserved": "2019-02-20T00:00:00", "dateUpdated": "2024-08-05T03:00:19.284Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jenkins:script_security:*:*:*:*:*:jenkins:*:*", "matchCriteriaId": "76228D65-2AF3-47B4-8B8C-A69609C92E4E", "versionEndIncluding": "1.52", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*", "matchCriteriaId": "2F87326E-0B56-4356-A889-73D026DB1D4B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.52 and earlier in RejectASTTransformsCustomizer.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM."}, {"lang": "es", "value": "Existe una vulnerabilidad de omisi\u00f3n de sandbox en Jenkins Script Security Plugin, en versiones 1.52 y anteriores, en RejectASTTransformsCustomizer.java, que permite que los atacantes con permisos Overall/Read proporcionen un script de Groovy a un endpoint HTTP que puede resultar en la ejecuci\u00f3n de c\u00f3digo arbitrario en el JVM maestro de Jenkins."}], "id": "CVE-2019-1003024", "lastModified": "2024-11-21T04:17:45.640", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-02-20T21:29:00.270", "references": [{"source": "jenkinsci-cert@googlegroups.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/107295"}, {"source": "jenkinsci-cert@googlegroups.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:0739"}, {"source": "jenkinsci-cert@googlegroups.com", "tags": ["Vendor Advisory"], "url": "https://jenkins.io/security/advisory/2019-02-19/#SECURITY-1320"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/107295"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:0739"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://jenkins.io/security/advisory/2019-02-19/#SECURITY-1320"}], "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2019:0739", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "jenkins-2-plugins-0:3.11.1552336312-1.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-04-10T00:00:00Z"}], "bugzilla": {"description": "jenkins-plugin-script-security: Sandbox Bypass in Script Security Plugin (SECURITY-1320)", "id": "1684556", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1684556"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.8", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-96", "details": ["A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.52 and earlier in RejectASTTransformsCustomizer.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM.", "A flaw was found in the Jenkins script security sandbox. The previously implemented script security sandbox protections prohibiting the use of unsafe AST transforming annotations such as @Grab could be circumvented through use of various Groovy language features including the use of AnnotationCollector, import aliasing, and referencing annotation types using their full class name. This allows users with Overall/Read permission, or the ability to control Jenkinsfile or sandboxed Pipeline shared library contents in SCM, to bypass the sandbox protection and execute arbitrary code on the Jenkins master. The highest threat from this vulnerability is to data confidentiality and integrity and system availability."], "name": "CVE-2019-1003024", "package_state": [{"cpe": "cpe:/a:redhat:openshift:3.10", "fix_state": "Will not fix", "package_name": "jenkins-2-plugins", "product_name": "Red Hat OpenShift Container Platform 3.10"}, {"cpe": "cpe:/a:redhat:openshift:3.10", "fix_state": "Will not fix", "package_name": "jenkins-plugin-script-security", "product_name": "Red Hat OpenShift Container Platform 3.10"}, {"cpe": "cpe:/a:redhat:openshift:3.4", "fix_state": "Out of support scope", "package_name": "jenkins-plugin-script-security", "product_name": "Red Hat OpenShift Container Platform 3.4"}, {"cpe": "cpe:/a:redhat:openshift:3.5", "fix_state": "Out of support scope", "package_name": "jenkins-plugin-script-security", "product_name": "Red Hat OpenShift Container Platform 3.5"}, {"cpe": "cpe:/a:redhat:openshift:3.6", "fix_state": "Will not fix", "package_name": "jenkins-plugin-script-security", "product_name": "Red Hat OpenShift Container Platform 3.6"}, {"cpe": "cpe:/a:redhat:openshift:3.7", "fix_state": "Will not fix", "package_name": "jenkins-2-plugins", "product_name": "Red Hat OpenShift Container Platform 3.7"}, {"cpe": "cpe:/a:redhat:openshift:3.7", "fix_state": "Will not fix", "package_name": "jenkins-plugin-script-security", "product_name": "Red Hat OpenShift Container Platform 3.7"}, {"cpe": "cpe:/a:redhat:openshift:3.9", "fix_state": "Will not fix", "package_name": "jenkins-2-plugins", "product_name": "Red Hat OpenShift Container Platform 3.9"}, {"cpe": "cpe:/a:redhat:openshift:3.9", "fix_state": "Will not fix", "package_name": "jenkins-plugin-script-security", "product_name": "Red Hat OpenShift Container Platform 3.9"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "jenkins-2-plugins", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2019-02-19T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-1003024\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-1003024\nhttps://jenkins.io/security/advisory/2019-02-19/#SECURITY-1320"], "statement": "This flaw affects the jenkins-2-plugins RPM which is installed in the openshift3/jenkins-2-rhel7 container image. Security updates for this image are only released for versions 3.11 and 4.x of OpenShift Container Platform. The 3.11 version of the openshift3/jenkins-2-rhel7 container image is supported for use with previous versions of OpenShift Container Platform up to 3.4. For more information, refer to the OpenShift Jenkins README:\nhttps://github.com/openshift/jenkins/blob/master/README.md#jenkins-security-advisories-the-master-image-from-this-repository-and-the-oc-binary", "threat_severity": "Important"}