CVE-2019-10458

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2019-10458

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-10458.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-10458

Aliases

GHSA-mj9c-vjp9-pggh

Published

2019-10-16T14:15:13.607Z

Modified

2026-03-14T09:31:43.719082Z

Severity

9.9 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Jenkins Puppet Enterprise Pipeline 1.3.1 and earlier specifies unsafe values in its custom Script Security whitelist, allowing attackers able to execute Script Security protected scripts to execute arbitrary code.

References

https://jenkins.io/security/advisory/2019-10-16/#SECURITY-918

Affected packages

Git / github.com/jenkinsci/puppet-enterprise-pipeline-plugin

Affected ranges

Type

GIT

Repo

https://github.com/jenkinsci/puppet-enterprise-pipeline-plugin

Events

Introduced

Last affected

f53fd6e91bcacb8bb6c0ab2df1fdd9d713d5f2b5

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.3.1"
        }
    ]
}

Affected versions

1.*

1.0.0

puppet-enterprise-pipeline-1.*

puppet-enterprise-pipeline-1.0.0

puppet-enterprise-pipeline-1.0.1

puppet-enterprise-pipeline-1.1.0

puppet-enterprise-pipeline-1.1.1

puppet-enterprise-pipeline-1.2.0

puppet-enterprise-pipeline-1.2.1

puppet-enterprise-pipeline-1.2.2

puppet-enterprise-pipeline-1.2.3

puppet-enterprise-pipeline-1.3.0

puppet-enterprise-pipeline-1.3.1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-10458.json"