Description
Jenkins Puppet Enterprise Pipeline 1.3.1 and earlier specifies unsafe values in its custom Script Security whitelist, allowing attackers who are able to run Script Security-protected scripts to execute arbitrary code.
Remediation
References
https://jenkins.io/security/advisory/2019-10-16/#SECURITY-918
Related Vulnerabilities
CVE-2023-43495 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2018-10862 Vulnerability in maven package org.wildfly.core:wildfly-deployment-repository
CVE-2020-1950 Vulnerability in maven package org.apache.tika:tika-parsers
CVE-2018-1999006 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2013-2248 Vulnerability in maven package org.apache.struts:struts2-core