CVE-2019-10390

Summary

A sandbox bypass vulnerability in Jenkins Splunk Plugin 1.7.4 and earlier allowed attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkins Splunk Plugin1.7.4 and earlieraffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References