CVE-2019-1003030
| CVE Published | 2019-03-08 |
|---|---|
| Related Vendor(s) | jenkins, redhat |
| Related Product(s) | openshift_container_platform, pipeline\ |
| Exploitation Reported (CISA KEV) | 2022-03-25 |
| CVSS 3 Base Score | 9.9 (CRITICAL) |
| CVSS 3 Attack Complexity | LOW |
| CVSS 3 Attack Vector | NETWORK |
A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plugin 2.63 and earlier in pom.xml, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShell.java that allows attackers able to control pipeline scripts to execute arbitrary code on the Jenkins master JVM.
Cyber Threat Graph Context
Explore how this CVE relates to the wider threat graph