CVE-2019-10306

EUVD-2022-5042
A sandbox bypass vulnerability in Jenkins ontrack Plugin 3.4 and earlier allowed attackers with control over ontrack DSL definitions to execute arbitrary code on the Jenkins master JVM.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.9 CRITICAL
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 50%
Affected Products (NVD)
VendorProductVersion
jenkinsontrack
𝑥
≤ 3.4
𝑥
= Vulnerable software versions
References
http://www.securityfocus.com/bid/108045
https://jenkins.io/security/advisory/2019-04-17/#SECURITY-1341
http://www.securityfocus.com/bid/108045
https://jenkins.io/security/advisory/2019-04-17/#SECURITY-1341