CVE-2019-1003024

Summary

A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.52 and earlier in RejectASTTransformsCustomizer.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkins Script Security Plugin1.52 and earlieraffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References