CVE-2019-1003040 – jenkins-plugin-script-security: Sandbox bypass in Script Security Plugin and Pipeline: Groovy Plugin (SECURITY-1353)
https://notcve.org/view.php?id=CVE-2019-1003040
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.55 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts. Una vulnerabilidad de omisión de sandbox en Jenkins Script Security Plugin, en sus versiones 1.55 y anteriores, permite a los atacantes invocar constructores arbitrarios en los scripts en "sandbox". A flaw was found in the Jenkins Script Security plugin. Groovy Plugins could be circumvented through methods supporting type casts and type coercion allowing attackers to invoke constructors for arbitrary types. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. • http://www.openwall.com/lists/oss-security/2019/03/28/2 http://www.securityfocus.com/bid/107628 https://access.redhat.com/errata/RHSA-2019:1423 https://jenkins.io/security/advisory/2019-03-25/#SECURITY-1353 https://access.redhat.com/security/cve/CVE-2019-1003040 https://bugzilla.redhat.com/show_bug.cgi?id=1694532 • CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') CWE-704: Incorrect Type Conversion or Cast •
CVE-2019-1003041 – jenkins-plugin-workflow-cps: Sandbox bypass in Script Security Plugin and Pipeline: Groovy Plugin (SECURITY-1353)
https://notcve.org/view.php?id=CVE-2019-1003041
A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plugin 2.64 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts. Una vulnerabilidad de omisión de sandbox en Jenkins Pipeline: el plugin "groovy", en sus versiones 2.64 y anteriores, permite a los atacantes invocar constructores arbitrarios en los scripts en "sandbox". A flaw was found in the Jenkins Workflow CPS plugin. Groovy Plugins could be circumvented through methods supporting type casts and type coercion allowing attackers to invoke constructors for arbitrary types. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. • http://www.openwall.com/lists/oss-security/2019/03/28/2 http://www.securityfocus.com/bid/107628 https://access.redhat.com/errata/RHSA-2019:1423 https://jenkins.io/security/advisory/2019-03-25/#SECURITY-1353 https://access.redhat.com/security/cve/CVE-2019-1003041 https://bugzilla.redhat.com/show_bug.cgi?id=1694536 • CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') CWE-704: Incorrect Type Conversion or Cast •
CVE-2019-3826
https://notcve.org/view.php?id=CVE-2019-3826
A stored, DOM based, cross-site scripting (XSS) flaw was found in Prometheus before version 2.7.1. An attacker could exploit this by convincing an authenticated user to visit a crafted URL on a Prometheus server, allowing for the execution and persistent storage of arbitrary scripts. Se ha detectado un error de Cross-Site Scripting (XSS) almacenado basado en DOM en Prometheus, en versiones anteriores a la 2.7.1. Un atacante podría explotar esta vulnerabilidad convenciendo a un usuario autenticado para que visite una URL manipulada en un servidor de Prometheus, lo que permite la ejecución y el almacenamiento persistente de scripts arbitrarios. • https://access.redhat.com/errata/RHBA-2019:0327 https://advisory.checkmarx.net/advisory/CX-2019-4297 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3826 https://github.com/prometheus/prometheus/commit/62e591f9 https://github.com/prometheus/prometheus/pull/5163 https://lists.apache.org/thread.html/r48d5019bd42e0770f7e5351e420a63a41ff1f16924942442c6aff6a8%40%3Ccommits.zookeeper.apache.org%3E https://lists.apache.org/thread.html/r8e3f7da12bf5750b0a02e69a78a61073a2ac950eed7451ce70a65177%40%3Ccommits.zookeeper.apache.org%3E https: • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-7609 – Kibana Arbitrary Code Execution
https://notcve.org/view.php?id=CVE-2019-7609
Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system. Las versiones anteriores a las 5.6.15 y 6.6.1 de Kibana contienen un error de ejecución de código arbitrario en el visualizador Timelion. Un atacante con acceso a la aplicación Timelion podría enviar una petición que intente ejecutar código javascript. • https://github.com/LandGrey/CVE-2019-7609 https://github.com/mpgn/CVE-2019-7609 https://github.com/hekadan/CVE-2019-7609 https://github.com/rhbb/CVE-2019-7609 https://github.com/wolf1892/CVE-2019-7609 https://github.com/Akshay15-png/CVE-2019-7609 https://github.com/dnr6419/CVE-2019-7609 https://github.com/OliveiraaX/CVE-2019-7609-KibanaRCE http://packetstormsecurity.com/files/174569/Kibana-Timelion-Prototype-Pollution-Remote-Code-Execution.html https://access.redhat.com/errat • CWE-20: Improper Input Validation CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2018-12022 – jackson-databind: improper polymorphic deserialization of types from Jodd-db library
https://notcve.org/view.php?id=CVE-2018-12022
An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db jar (for database access for the Jodd framework) in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload. Se ha descubierto un problema en FasterXML jackson-databind, en versiones anteriores a la 2.7.9.4, 2.8.11.2 y 2.9.6. Cuando "Default Typing" está habilitado (globalmente o para una propiedad en concreto), el servicio cuenta con el jar Jodd-db (para acceso a la base de datos del framework Jodd) en la ruta de clase; un atacante puede proporcionar un servicio LDAP para acceder y es posible hacer que el servicio ejecute una carga útil maliciosa. A vulnerability was discovered in jackson-databind where it would permit deserialization of a malicious object using Jodd DB connection classes when using DefaultTyping. • http://www.securityfocus.com/bid/107585 https://access.redhat.com/errata/RHBA-2019:0959 https://access.redhat.com/errata/RHSA-2019:0782 https://access.redhat.com/errata/RHSA-2019:0877 https://access.redhat.com/errata/RHSA-2019:1106 https://access.redhat.com/errata/RHSA-2019:1107 https://access.redhat.com/errata/RHSA-2019:1108 https://access.redhat.com/errata/RHSA-2019:1140 https://access.redhat.com/errata/RHSA-2019:1782 https://access.redhat.com/errata/RHSA-2019:1797& • CWE-502: Deserialization of Untrusted Data •