CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-1003041 – jenkins-plugin-workflow-cps: Sandbox bypass in Script Security Plugin and Pipeline: Groovy Plugin (SECURITY-1353)
https://notcve.org/view.php?id=CVE-2019-1003041
A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plugin 2.64 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts. Una vulnerabilidad de omisión de sandbox en Jenkins Pipeline: el plugin "groovy", en sus versiones 2.64 y anteriores, permite a los atacantes invocar constructores arbitrarios en los scripts en "sandbox". • http://www.openwall.com/lists/oss-security/2019/03/28/2 http://www.securityfocus.com/bid/107628 https://access.redhat.com/errata/RHSA-2019:1423 https://jenkins.io/security/advisory/2019-03-25/#SECURITY-1353 https://access.redhat.com/security/cve/CVE-2019-1003041 https://bugzilla.redhat.com/show_bug.cgi?id=1694536 • CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') CWE-704: Incorrect Type Conversion or Cast •
CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 0CVE-2019-10063 – flatpak: Sandbox bypass via IOCSTI (incomplete fix for CVE-2017-5226)
https://notcve.org/view.php?id=CVE-2019-10063
Flatpak before 1.0.8, 1.1.x and 1.2.x before 1.2.4, and 1.3.x before 1.3.1 allows a sandbox bypass. Flatpak versions since 0.8.1 address CVE-2017-5226 by using a seccomp filter to prevent sandboxed apps from using the TIOCSTI ioctl, which could otherwise be used to inject commands into the controlling terminal so that they would be executed outside the sandbox after the sandboxed app exits. ... Flatpak, en versiones anteriores a la 1.0.8, 1.1.x y 1.2.x anteriores a la 1.2.4, y en las versiones 1.3.x anteriores a la 1.3.1, permite omitir el sandbox. Las versiones de Flatpak desde la 0.8.1 abordan CVE-2017-5226 mediante un filtro seccomp para evitar que las aplicaciones del sandbox empleen el ioctl TIOCSTI, que podría emplearse para inyectar comandos en la terminal de control para que se ejecuten fuera del sandbox una vez la aplicación en el sandbox se cierra. ... A sandbox bypass flaw was found in the way bubblewrap, which is used for sandboxing flatpak applications handled the TIOCSTI ioctl. • https://access.redhat.com/errata/RHSA-2019:1024 https://access.redhat.com/errata/RHSA-2019:1143 https://github.com/flatpak/flatpak/issues/2782 https://access.redhat.com/security/cve/CVE-2019-10063 https://bugzilla.redhat.com/show_bug.cgi?id=1695973 • CWE-20: Improper Input Validation CWE-266: Incorrect Privilege Assignment •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-1003033
https://notcve.org/view.php?id=CVE-2019-1003033
A sandbox bypass vulnerability exists in Jenkins Groovy Plugin 2.1 and earlier in pom.xml, src/main/java/hudson/plugins/groovy/StringScriptSource.java that allows attackers with Overall/Read permission to execute arbitrary code on the Jenkins master JVM. Existe una vulnerabilidad de omisión de sandbox en el plugin Jenkins Groovy, en su versión 2.1 y anteriores, en pom.xml, src/main/java/hudson/plugins/groovy/StringScriptSource.java que permite a los atacantes con permisos de "Overall/Read" ejecutar código arbitrario en el maestro JVM de Jenkins. • http://www.securityfocus.com/bid/107476 https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1338 •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2019-1003032
https://notcve.org/view.php?id=CVE-2019-1003032
A sandbox bypass vulnerability exists in Jenkins Email Extension Plugin 2.64 and earlier in pom.xml, src/main/java/hudson/plugins/emailext/ExtendedEmailPublisher.java, src/main/java/hudson/plugins/emailext/plugins/content/EmailExtScript.java, src/main/java/hudson/plugins/emailext/plugins/content/ScriptContent.java, src/main/java/hudson/plugins/emailext/plugins/trigger/AbstractScriptTrigger.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM. Existe una vulnerabilidad de omisión de sandbox en el plugin Jenkins Email Extension, en su versión 2.64 y anteriores, en pom.xml, src/main/java/hudson/plugins/emailext/ExtendedEmailPublisher.java, src/main/java/hudson/plugins/emailext/plugins/content/EmailExtScript.java, src/main/java/hudson/plugins/emailext/plugins/content/ScriptContent.java y src/main/java/hudson/plugins/emailext/plugins/trigger/AbstractScriptTrigger.jav que permite a los atacantes con permisos de "Job/Configure" ejecutar código arbitrario en el maestro JVM de Jenkins. • http://www.securityfocus.com/bid/107476 https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1340 •
CVSS: 9.9EPSS: 0%CPEs: 2EXPL: 2CVE-2019-1003029 – Jenkins Script Security Plugin Sandbox Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2019-1003029
A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java, src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with Overall/Read permission to execute arbitrary code on the Jenkins master JVM. Existe una vulnerabilidad de omisión de sandbox en Jenkins Script Security Plugin, en la versión 1.53 y anteriores en src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java, que permite a los atacantes con permisos de "Overall/Read" ejecutar código arbitrario en el maestro JVM de Jenkins. ... An attacker with Overall/Read permissions is able to escape the sandbox and execute arbitrary code on the Jenkins master JVM. ... Jenkins Script Security Plugin contains a protection mechanism failure, allowing an attacker to bypass the sandbox. • https://github.com/orangetw/awesome-jenkins-rce-2019 http://packetstormsecurity.com/files/166778/Jenkins-Remote-Code-Execution.html http://www.securityfocus.com/bid/107476 https://access.redhat.com/errata/RHSA-2019:0739 https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1336%20%281%29 https://access.redhat.com/security/cve/CVE-2019-1003029 https://bugzilla.redhat.com/show_bug.cgi?id=1689873 https://jenkins.io/security/advisory/2019-01-08 https://blog.orange.tw/2019/01& • CWE-96: Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') •