CVE-2019-10306

A sandbox bypass vulnerability in Jenkins ontrack Plugin 3.4 and earlier allowed attackers with control over ontrack DSL definitions to execute arbitrary code on the Jenkins master JVM.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.9 CRITICAL
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
jenkinsCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 51%
VendorProductVersion
jenkinsontrack
𝑥
≤ 3.4
𝑥
= Vulnerable software versions
References
http://www.securityfocus.com/bid/108045
https://jenkins.io/security/advisory/2019-04-17/#SECURITY-1341
http://www.securityfocus.com/bid/108045
https://jenkins.io/security/advisory/2019-04-17/#SECURITY-1341