Sandbox Bypass

Affecting org.jenkins-ci.plugins:script-security artifact, versions [,1.63)

Do your applications use this vulnerable package? Test your applications

Overview

org.jenkins-ci.plugins:script-security is a package that allows Jenkins administrators to control what in-process scripts can be run by less-privileged users.

Affected versions of this package are vulnerable to Sandbox Bypass. Sandbox protection in Script Security Plugin could be circumvented through any of the following:

  • Crafted method names in method call expressions (CVE-2019-10393)

  • Crafted property names in property expressions on the left-hand side of assignment expressions (CVE-2019-10394)

  • Crafted property names in property expressions in increment and decrement expressions (CVE-2019-10399)

  • Crafted subexpressions in increment and decrement expressions not involving actual assignment (CVE-2019-10400)

This allowed attackers able to specify and run sandboxed scripts to execute arbitrary code in the Jenkins master JVM.

Remediation

A fix was pushed into the master branch but not yet published.

References

CVSS Score

4.2
medium severity
  • Attack Vector
    Network
  • Attack Complexity
    High
  • Privileges Required
    Low
  • User Interaction
    None
  • Scope
    Unchanged
  • Confidentiality
    Low
  • Integrity
    Low
  • Availability
    None
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
Credit
Nils Emmerich of ERNW Research GmbH
CVE
CVE-2019-10393 CVE-2019-10394 CVE-2019-10399 CVE-2019-10400
CWE
CWE-265
Snyk ID
SNYK-JAVA-ORGJENKINSCIPLUGINS-466731
Disclosed
12 Sep, 2019
Published
13 Sep, 2019