CVE-2019-10356

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of method pointer expressions allowed attackers to execute arbitrary code in sandboxed scripts.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
jenkinsscript_security
𝑥
≤ 1.61
redhatopenshift_container_platform
3.11
redhatopenshift_container_platform
4.1
𝑥
= Vulnerable software versions
References
http://www.openwall.com/lists/oss-security/2019/07/31/1
https://access.redhat.com/errata/RHSA-2019:2594
https://access.redhat.com/errata/RHSA-2019:2651
https://access.redhat.com/errata/RHSA-2019:2662
https://jenkins.io/security/advisory/2019-07-31/#SECURITY-1465%20%282%29
http://www.openwall.com/lists/oss-security/2019/07/31/1
https://access.redhat.com/errata/RHSA-2019:2594
https://access.redhat.com/errata/RHSA-2019:2651
https://access.redhat.com/errata/RHSA-2019:2662
https://jenkins.io/security/advisory/2019-07-31/#SECURITY-1465%20%282%29