CVE-2019-10393 — Vulnetix

CVE-2019-10393 PUBLISHED CVSS 4.900000095367432 MEDIUM

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of method names in method call expressions allowed attackers to execute arbitrary code in sandboxed scripts.

EPSS 0.16% · 37.0th percentile

Risk Scores

CVSS 2.0

4.900000095367432

EPSS Score

0.16%

37.0th percentile

Affected Products

Vendor	Product	Versions
jenkins	script_security	0
Jenkins project	Jenkins Script Security Plugin	1.62 and earlier
Maven	org.jenkins-ci.plugins:script-security	0

Exploit Intelligence

[oss-security] 20190912 Multiple vulnerabilities in Jenkins plugins (circl)
https://jenkins.io/security/advisory/2019-09-12/#SECURITY-1538 (circl)

Timeline

Sep 12, 2019 CVE Published
Oct 9, 2019 CVE Updated
Apr 14, 2021 EPSS Score
Jun 23, 2021 EPSS Score
Aug 24, 2021 EPSS Score
Oct 26, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Feb 4, 2022 EPSS Score
Feb 28, 2022 EPSS Score
Apr 1, 2022 EPSS Score
May 1, 2022 EPSS Score
Jul 3, 2022 EPSS Score

References

[oss-security] 20190912 Multiple vulnerabilities in Jenkins plugins mailing-list
https://jenkins.io/security/advisory/2019-09-12/#SECURITY-1538 url
https://nvd.nist.gov/vuln/detail/CVE-2019-10393 advisory
https://github.com/jenkinsci/script-security-plugin/commit/b28e4dc5584ef6515aeb9bc834691176546d0689 url
https://github.com/jenkinsci/script-security-plugin package

Open in Interactive Console →