CVE-2019-1003030

Jenkins Matrix Project Plugin Remote Code Execution Vulnerability

Severity Score

9.9

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

Yes

*KEV

Decision

Act

*SSVC

Descriptions

A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plugin 2.63 and earlier in pom.xml, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShell.java that allows attackers able to control pipeline scripts to execute arbitrary code on the Jenkins master JVM.

Existe una vulnerabilidad de omisión de sandbox en Jenkins Pipeline: Groovy Plugin, en versiones 2.63 y anteriores en pom.xml, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShell.java, permite a los atacantes capacitados para controlar los scripts de tuberías ejecutar código arbitrario en el maestro JVM de Jenkins.

A flaw was found in the Jenkins Workflow CPS plugin. Parsing, compilation, and script instantiations provided by a crafted Groovy script could escape the sandbox allowing users to execute arbitrary code on the Jenkins master. The highest risk from this vulnerability is to data confidentiality and integrity as well as system availability.

Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Security fix: jenkins-plugin-script-security: Sandbox bypass in script security plug-in jenkins-plugin-script-security: Sandbox bypass in script security plug-in jenkins-plugin-script-security: Sandbox bypass in script security plug-in jenkins-plugin-workflow-cps: Sandbox bypass in pipeline: Groovy plug-in jenkins-matrix-project-plugin: Sandbox bypass in matrix project plug-in jenkins-job-dsl-plugin: Script security sandbox bypass in job DSL plug-in. Issues addressed include a bypass vulnerability.

Jenkins Matrix Project plugin contains a vulnerability which can allow users to escape the sandbox, opening opportunity to perform remote code execution.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

Single

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:Act

Exploitation

Active

Automatable

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2019-03-08 CVE Reserved
2019-03-08 CVE Published
2020-10-19 First Exploit
2022-03-25 Exploited in Wild
2022-04-15 KEV Due Date
2025-02-07 CVE Updated
2025-04-08 EPSS Updated

CWE

CWE-20: Improper Input Validation
CWE-693: Protection Mechanism Failure

CAPEC

References (9)

URL	Tag	Source
http://packetstormsecurity.com/files/159603/Jenkins-2.63-Sandbox-Bypass.html	X_refsource_misc
http://www.securityfocus.com/bid/107476	Third Party Advisory
https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1336%20%282%29	X_refsource_confirm

URL	Date	SRC
https://packetstorm.news/files/id/159603	2020-10-19
https://www.exploit-db.com/exploits/48904	2020-10-19
https://github.com/overgrowncarrot1/CVE-2019-1003030	2025-03-01

URL	Date	SRC

URL	Date	SRC
https://access.redhat.com/errata/RHSA-2019:0739	2023-10-25
https://access.redhat.com/security/cve/CVE-2019-1003030	2019-04-10
https://bugzilla.redhat.com/show_bug.cgi?id=1690665	2019-04-10

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Jenkins Search vendor "Jenkins"		Pipeline: Groovy Search vendor "Jenkins" for product "Pipeline: Groovy"				<= 2.63 Search vendor "Jenkins" for product "Pipeline: Groovy" and version " <= 2.63"		jenkins		Affected
Redhat Search vendor "Redhat"		Openshift Container Platform Search vendor "Redhat" for product "Openshift Container Platform"				3.11 Search vendor "Redhat" for product "Openshift Container Platform" and version "3.11"		-		Affected