CVE-2019-1003006

Summary

A sandbox bypass vulnerability exists in Jenkins Groovy Plugin 2.0 and earlier in src/main/java/hudson/plugins/groovy/StringScriptSource.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkins Groovy Plugin2.0 and earlieraffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References