CVE-2019-10393 : A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlie

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of method names in method call expressions allowed attackers to execute arbitrary code in sandboxed scripts.

Published 2019-09-12 14:15:11

Updated 2023-10-25 18:16:20

Source Jenkins Project

View at NVD, CVE.org

Vulnerability category: Execute code

Products affected by CVE-2019-10393

Jenkins » Script Security » For Jenkins
Versions up to, including, (<=) 1.62
cpe:2.3:a:jenkins:script_security:*:*:*:*:*:jenkins:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2019-10393

EPSS FAQ

0.22%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 42 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2019-10393

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.9	MEDIUM	AV:N/AC:M/Au:S/C:P/I:P/A:N	6.8	4.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: Single Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: None
4.2	MEDIUM	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N	1.6	2.5	NIST
Attack Vector: Network Attack Complexity: High Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: Low Availability: None

References for CVE-2019-10393

https://jenkins.io/security/advisory/2019-09-12/#SECURITY-1538

Jenkins Security Advisory 2019-09-12
Vendor Advisory

CVEs referencing this url
http://www.openwall.com/lists/oss-security/2019/09/12/2

oss-security - Multiple vulnerabilities in Jenkins plugins
Mailing List;Third Party Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2019-10393

Products affected by CVE-2019-10393

Exploit prediction scoring system (EPSS) score for CVE-2019-10393

CVSS scores for CVE-2019-10393

References for CVE-2019-10393