CVE-2019-10400

low-risk

Published 2019-09-12

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of subexpressions in increment and decrement expressions not involving actual assignment allowed attackers to execute arbitrary code in sandboxed scripts.

Do I need to act?

0.22% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 4.2/10 Medium

NETWORK / HIGH complexity

Affected Products (1)

Script Security

Affected Vendors

Jenkins

References (4)

Mailing List http://www.openwall.com/lists/oss-security/2019/09/12/2

Vendor Advisory https://jenkins.io/security/advisory/2019-09-12/#SECURITY-1538

Mailing List http://www.openwall.com/lists/oss-security/2019/09/12/2

Vendor Advisory https://jenkins.io/security/advisory/2019-09-12/#SECURITY-1538

/ 100

low-risk

Severity 14/34 · Moderate

Exploitability 1/34 · Minimal

Exposure 5/34 · Minimal