CVE-2019-16538

Published Nov 21, 2019

Last updated a year ago

Overview

Description
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.67 and earlier related to the handling of default parameter expressions in closures allowed attackers to execute arbitrary code in sandboxed scripts.
Source
jenkinsci-cert@googlegroups.com
NVD status
Modified

Risk scores

CVSS 3.1

Type
Primary
Base score
8.8
Impact score
5.9
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

CVSS 2.0

Type
Primary
Base score
6.5
Impact score
6.4
Exploitability score
8
Vector string
AV:N/AC:L/Au:S/C:P/I:P/A:P

Weaknesses

nvd@nist.gov
CWE-863

Social media

Hype score
Not currently trending

Configurations