CVE-2019-10399

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of property names in property expressions in increment and decrement expressions allowed attackers to execute arbitrary code in sandboxed scripts.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.2 MEDIUM
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
jenkinsCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 44%
VendorProductVersion
jenkinsscript_security
𝑥
≤ 1.62
𝑥
= Vulnerable software versions
References
http://www.openwall.com/lists/oss-security/2019/09/12/2
https://jenkins.io/security/advisory/2019-09-12/#SECURITY-1538
http://www.openwall.com/lists/oss-security/2019/09/12/2
https://jenkins.io/security/advisory/2019-09-12/#SECURITY-1538