CVE-2019-1003030

NVD Published Date: March 08, 2019 at 09:29 PM
NVD Last Modified: July 16, 2024 at 05:55 PM
Download Patch
Vulnerability ID
CVE-2019-1003030
Severity
CRITICAL
Severity Score
9.9
Summary
A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plugin 2.63 and earlier in pom.xml, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShell.java that allows attackers able to control pipeline scripts to execute arbitrary code on the Jenkins master JVM.
Mitigation and Patches
-
Metasploit Payload
-
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CWE ID
NVD-CWE-noinfo

Recent Publish

CVE-2019-1003029

CVE-2019-10758

CVE-2023-41265

CVE-2012-0507

2024-06 Security Only Quality Update for Windows Server 2008 R2 for x64-based Systems (KB5039274)

2024-06 Security Only Quality Update for Windows Embedded Standard 7 for x86-based Systems (KB5039274)

See SecOps Solution
in action

Schedule Demo