Description
Jenkins Puppet Enterprise Pipeline 1.3.1 and earlier specifies unsafe values in its custom Script Security whitelist. As a result, attackers who are able to execute Script Security protected scripts can execute arbitrary code.
Remediation
References
https://jenkins.io/security/advisory/2019-10-16/#SECURITY-918