CVE-2019-10393

EUVD-2022-3365
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of method names in method call expressions allowed attackers to execute arbitrary code in sandboxed scripts.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.2 MEDIUM
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 44%
Affected Products (NVD)
VendorProductVersion
jenkinsscript_security
𝑥
≤ 1.62
𝑥
= Vulnerable software versions
References
http://www.openwall.com/lists/oss-security/2019/09/12/2
https://jenkins.io/security/advisory/2019-09-12/#SECURITY-1538
http://www.openwall.com/lists/oss-security/2019/09/12/2
https://jenkins.io/security/advisory/2019-09-12/#SECURITY-1538