{"containers": {"cna": {"affected": [{"product": "Jenkins Script Security Plugin", "vendor": "Jenkins project", "versions": [{"status": "affected", "version": "1.53 and earlier"}]}], "dateAssigned": "2019-03-06T00:00:00.000Z", "datePublic": "2019-03-08T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java, src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with Overall/Read permission to execute arbitrary code on the Jenkins master JVM."}], "providerMetadata": {"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "shortName": "jenkins", "dateUpdated": "2023-10-24T16:45:04.091Z"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1336%20%281%29"}, {"name": "107476", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/107476"}, {"name": "RHSA-2019:0739", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:0739"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/166778/Jenkins-Remote-Code-Execution.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "jenkinsci-cert@googlegroups.com", "DATE_ASSIGNED": "2019-03-06T22:44:37.383669", "ID": "CVE-2019-1003029", "REQUESTER": "ml@beckweb.net", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Jenkins Script Security Plugin", "version": {"version_data": [{"version_value": "1.53 and earlier"}]}}]}, "vendor_name": "Jenkins project"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java, src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with Overall/Read permission to execute arbitrary code on the Jenkins master JVM."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-693"}]}]}, "references": {"reference_data": [{"name": "https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1336%20(1)", "refsource": "CONFIRM", "url": "https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1336%20(1)"}, {"name": "107476", "refsource": "BID", "url": "http://www.securityfocus.com/bid/107476"}, {"name": "RHSA-2019:0739", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:0739"}, {"name": "http://packetstormsecurity.com/files/166778/Jenkins-Remote-Code-Execution.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/166778/Jenkins-Remote-Code-Execution.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T03:00:19.425Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1336%20%281%29"}, {"name": "107476", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/107476"}, {"name": "RHSA-2019:0739", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:0739"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/166778/Jenkins-Remote-Code-Execution.html"}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-noinfo Not enough information"}]}], "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.9, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-02-07T13:06:12.237330Z", "id": "CVE-2019-1003029", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2022-04-25", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-1003029"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-07T13:07:08.615Z"}}]}, "cveMetadata": {"assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "assignerShortName": "jenkins", "cveId": "CVE-2019-1003029", "datePublished": "2019-03-08T21:00:00.000Z", "dateReserved": "2019-03-08T00:00:00.000Z", "dateUpdated": "2025-02-07T13:07:08.615Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1336%20%281%29", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "http://www.securityfocus.com/bid/107476", "name": "107476", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2019:0739", "name": "RHSA-2019:0739", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "http://packetstormsecurity.com/files/166778/Jenkins-Remote-Code-Execution.html", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T03:00:19.425Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.9, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2019-1003029", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-02-07T13:06:12.237330Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2022-04-25", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-1003029"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-noinfo Not enough information"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-07T13:05:15.712Z"}}], "cna": {"affected": [{"vendor": "Jenkins project", "product": "Jenkins Script Security Plugin", "versions": [{"status": "affected", "version": "1.53 and earlier"}]}], "datePublic": "2019-03-08T00:00:00.000Z", "references": [{"url": "https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1336%20%281%29", "tags": ["x_refsource_CONFIRM"]}, {"url": "http://www.securityfocus.com/bid/107476", "name": "107476", "tags": ["vdb-entry", "x_refsource_BID"]}, {"url": "https://access.redhat.com/errata/RHSA-2019:0739", "name": "RHSA-2019:0739", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "http://packetstormsecurity.com/files/166778/Jenkins-Remote-Code-Execution.html", "tags": ["x_refsource_MISC"]}], "dateAssigned": "2019-03-06T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java, src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with Overall/Read permission to execute arbitrary code on the Jenkins master JVM."}], "providerMetadata": {"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "shortName": "jenkins", "dateUpdated": "2023-10-24T16:45:04.091Z"}, "x_legacyV4Record": {"affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "1.53 and earlier"}]}, "product_name": "Jenkins Script Security Plugin"}]}, "vendor_name": "Jenkins project"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1336%20(1)", "name": "https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1336%20(1)", "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/107476", "name": "107476", "refsource": "BID"}, {"url": "https://access.redhat.com/errata/RHSA-2019:0739", "name": "RHSA-2019:0739", "refsource": "REDHAT"}, {"url": "http://packetstormsecurity.com/files/166778/Jenkins-Remote-Code-Execution.html", "name": "http://packetstormsecurity.com/files/166778/Jenkins-Remote-Code-Execution.html", "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java, src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with Overall/Read permission to execute arbitrary code on the Jenkins master JVM."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-693"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2019-1003029", "STATE": "PUBLIC", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "REQUESTER": "ml@beckweb.net", "DATE_ASSIGNED": "2019-03-06T22:44:37.383669"}}}}, "cveMetadata": {"cveId": "CVE-2019-1003029", "state": "PUBLISHED", "dateUpdated": "2025-02-07T13:07:08.615Z", "dateReserved": "2019-03-08T00:00:00.000Z", "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "datePublished": "2019-03-08T21:00:00.000Z", "assignerShortName": "jenkins"}, "dataVersion": "5.1"}

{"cisaActionDue": "2022-05-16", "cisaExploitAdd": "2022-04-25", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Jenkins Script Security Plugin Sandbox Bypass Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jenkins:script_security:*:*:*:*:*:jenkins:*:*", "matchCriteriaId": "4F309F6A-5D2A-4E7E-9C91-FA5E6413F498", "versionEndIncluding": "1.53", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*", "matchCriteriaId": "2F87326E-0B56-4356-A889-73D026DB1D4B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java, src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with Overall/Read permission to execute arbitrary code on the Jenkins master JVM."}, {"lang": "es", "value": "Existe una vulnerabilidad de omisi\u00f3n de sandbox en Jenkins Script Security Plugin, en la versi\u00f3n 1.53 y anteriores en src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java, que permite a los atacantes con permisos de \"Overall/Read\" ejecutar c\u00f3digo arbitrario en el maestro JVM de Jenkins."}], "id": "CVE-2019-1003029", "lastModified": "2025-02-20T18:05:05.957", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 6.0, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2019-03-08T21:29:00.297", "references": [{"source": "jenkinsci-cert@googlegroups.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/166778/Jenkins-Remote-Code-Execution.html"}, {"source": "jenkinsci-cert@googlegroups.com", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/107476"}, {"source": "jenkinsci-cert@googlegroups.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:0739"}, {"source": "jenkinsci-cert@googlegroups.com", "tags": ["Third Party Advisory"], "url": "https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1336%20%281%29"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/166778/Jenkins-Remote-Code-Execution.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/107476"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:0739"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1336%20%281%29"}], "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2019:0739", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "jenkins-2-plugins-0:3.11.1552336312-1.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-04-10T00:00:00Z"}], "bugzilla": {"description": "jenkins-plugin-script-security: sandbox bypass in script security plugin", "id": "1689873", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1689873"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.8", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-96", "details": ["A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java, src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with Overall/Read permission to execute arbitrary code on the Jenkins master JVM.", "A flaw was found in the Jenkins Script Security plugin version 1.53. An attacker with Overall/Read permissions is able to escape the sandbox and execute arbitrary code on the Jenkins master JVM. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."], "name": "CVE-2019-1003029", "package_state": [{"cpe": "cpe:/a:redhat:openshift:3.10", "fix_state": "Will not fix", "package_name": "jenkins-2-plugins", "product_name": "Red Hat OpenShift Container Platform 3.10"}, {"cpe": "cpe:/a:redhat:openshift:3.4", "fix_state": "Will not fix", "package_name": "jenkins-plugin-script-security", "product_name": "Red Hat OpenShift Container Platform 3.4"}, {"cpe": "cpe:/a:redhat:openshift:3.5", "fix_state": "Will not fix", "package_name": "jenkins-plugin-script-security", "product_name": "Red Hat OpenShift Container Platform 3.5"}, {"cpe": "cpe:/a:redhat:openshift:3.6", "fix_state": "Will not fix", "package_name": "jenkins-2-plugins", "product_name": "Red Hat OpenShift Container Platform 3.6"}, {"cpe": "cpe:/a:redhat:openshift:3.7", "fix_state": "Will not fix", "package_name": "jenkins-2-plugins", "product_name": "Red Hat OpenShift Container Platform 3.7"}, {"cpe": "cpe:/a:redhat:openshift:3.9", "fix_state": "Will not fix", "package_name": "jenkins-2-plugins", "product_name": "Red Hat OpenShift Container Platform 3.9"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "jenkins-2-plugins", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2019-03-06T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-1003029\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-1003029\nhttps://jenkins.io/security/advisory/2019-03-06/#SECURITY-1336%20\nhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog"], "threat_severity": "Important", "upstream_fix": "jenkins-script-security-plugin 1.54"}