Skip to main content

Protection Mechanism Failure

CVE-2019-10328

Severity High
Score 9.9/10

Summary

Jenkins Pipeline Remote Loader Plugin 1.4 and earlier provided a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection.

  • LOW
  • NETWORK
  • HIGH
  • CHANGED
  • NONE
  • LOW
  • HIGH
  • HIGH

CWE-693 - Protection Mechanism Failure

The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

References

Advisory Timeline

  • Published