CVE-2019-10458

Critical

Jenkins Puppet Enterprise Pipeline 1.3.1 and earlier specifies unsafe values in its custom Script Security whitelist, allowing attackers…

jenkins·NVD-CWE-Other·Published 2019-10-16

CVSS

9.9

EPSS

0.02

KEV

Exploits

cve.orgen

213 chars

Jenkins Puppet Enterprise Pipeline 1.3.1 and earlier specifies unsafe values in its custom Script Security whitelist, allowing attackers able to execute Script Security protected scripts to execute arbitrary code.

NVDen

213 chars

OSV.deven

213 chars

GHSAen

213 chars

NVDes

247 chars

Jenkins Puppet Enterprise Pipeline versión 1.3.1 y anteriores, especifican valores no seguros en su lista blanca Script Security personalizada, permitiendo a atacantes ejecutar scripts protegidos de Script Security para ejecutar código arbitrario.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	6.5	8.0	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P
3.1	Primary	NVD	9.9	3.1	6.0	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
3.1	Secondary	GHSA	9.9	—	—	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H