Description
Jenkins Puppet Enterprise Pipeline 1.3.1 and earlier specifies unsafe values in its custom Script Security whitelist, allowing attackers able to execute Script Security protected scripts to execute arbitrary code.
Remediation
References
https://jenkins.io/security/advisory/2019-10-16/#SECURITY-918