CVE-2019-1003000

Summary

A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java that allows attackers with the ability to provide sandboxed scripts to execute arbitrary code on the Jenkins master JVM.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectScript Security Plugin1.49 and earlieraffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References