CVE-2019-10356

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of method pointer expressions allowed attackers to execute arbitrary code in sandboxed scripts.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
jenkinsCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 12%
VendorProductVersion
jenkinsscript_security
𝑥
≤ 1.61
redhatopenshift_container_platform
3.11
redhatopenshift_container_platform
4.1
𝑥
= Vulnerable software versions
References
http://www.openwall.com/lists/oss-security/2019/07/31/1
https://access.redhat.com/errata/RHSA-2019:2594
https://access.redhat.com/errata/RHSA-2019:2651
https://access.redhat.com/errata/RHSA-2019:2662
https://jenkins.io/security/advisory/2019-07-31/#SECURITY-1465%20%282%29
http://www.openwall.com/lists/oss-security/2019/07/31/1
https://access.redhat.com/errata/RHSA-2019:2594
https://access.redhat.com/errata/RHSA-2019:2651
https://access.redhat.com/errata/RHSA-2019:2662
https://jenkins.io/security/advisory/2019-07-31/#SECURITY-1465%20%282%29