CVE-2019-10390

Published: Aug 28, 2019

Modified: Aug 4, 2024

PUBLISHED

Description

A sandbox bypass vulnerability in Jenkins Splunk Plugin 1.7.4 and earlier allowed attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM.

Vendor	Product	Versions
Jenkins project	Jenkins Splunk Plugin	affected `1.7.4 and earlier`

References

[oss-security] 20190828 Multiple vulnerabilities in Jenkins and Jenkins plugins

mailing-list

x_refsource_MLIST

https://jenkins.io/security/advisory/2019-08-28/#SECURITY-1294

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2019-10390

Description

Affected Products

References