CVE-2019-1003032

Summary

A sandbox bypass vulnerability exists in Jenkins Email Extension Plugin 2.64 and earlier in pom.xml, src/main/java/hudson/plugins/emailext/ExtendedEmailPublisher.java, src/main/java/hudson/plugins/emailext/plugins/content/EmailExtScript.java, src/main/java/hudson/plugins/emailext/plugins/content/ScriptContent.java, src/main/java/hudson/plugins/emailext/plugins/trigger/AbstractScriptTrigger.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkins Email Extension Plugin2.64 and earlieraffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References