CVE-2019-10306 | xxxCVE-2019-10306 – xxx
菜单






CVE-2019-10306

九月 30, 2020 - 未分类

  1. CVE-Search
  2. CVE-2019-10306
ID CVE-2019-10306
SummaryA sandbox bypass vulnerability in Jenkins ontrack Plugin 3.4 and earlier allowed attackers with control over ontrack DSL definitions to execute arbitrary code on the Jenkins master JVM.
References
Vulnerable Configurations
  • cpe:2.3:a:jenkins:ontrack:2.0.0:-:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.0.0:-:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.0.0:beta1:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.0.0:beta1:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.0.0:beta2:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.0.0:beta2:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.0.0:beta3:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.0.0:beta3:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.0.0:rc1:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.0.0:rc1:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.0.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.0.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.1.0:-:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.1.0:-:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.1.0:beta1:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.1.0:beta1:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.2.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.2.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.2.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.2.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.3.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.3.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.4.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.4.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.4.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.4.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.4.2:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.4.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.4.3:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.4.3:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.5.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.5.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.6.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.6.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.7.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.7.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.8.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.8.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.9.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.9.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.11.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.11.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.12.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.12.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.13.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.13.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.13.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.13.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.13.2:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.13.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.14.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.14.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.15.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.15.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.16.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.16.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.17.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.17.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.18.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.18.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.18.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.18.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.19.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.19.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.19.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.19.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.19.2:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.19.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.21.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.21.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.22.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.22.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.22.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.22.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.22.2:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.22.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.22.3:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.22.3:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.22.4:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.22.4:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.25.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.25.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.25.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.25.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.26.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.26.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.28.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.28.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.28.2:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.28.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.29.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.29.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.29.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.29.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.30.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.30.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.30.2:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.30.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.30.3:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.30.3:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.30.3.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.30.3.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.30.3.2:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.30.3.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.30.3.3:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.30.3.3:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.30.3.4:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.30.3.4:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.30.3.5:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.30.3.5:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.30.3.6:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.30.3.6:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.30.3.7:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.30.3.7:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.30.3.8:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.30.3.8:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.30.4:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.30.4:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.30.5:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.30.5:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.31.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.31.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.31.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.31.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.31.2:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.31.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.31.3:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.31.3:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.31.4:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.31.4:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.31.5:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.31.5:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.31.6:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.31.6:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.32.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.32.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.32.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.32.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.32.2:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.32.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.32.3:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.32.3:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.32.4:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.32.4:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.32.5:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.32.5:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.33.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.33.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.33.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.33.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.33.2:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.33.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.33.3:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.33.3:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.33.4:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.33.4:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:3.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:3.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:3.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:3.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:3.2:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:3.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:3.3:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:3.3:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:3.4:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:3.4:*:*:*:*:jenkins:*:*
CVSS
Base: 6.5 (as of 02-10-2020 – 14:42)
Impact:
Exploitability:
CWENVD-CWE-noinfo
CAPEC

    Access
    VectorComplexityAuthentication
    NETWORKLOWSINGLE
    Impact
    ConfidentialityIntegrityAvailability
    PARTIALPARTIALPARTIAL
    cvss-vector via4 AV:N/AC:L/Au:S/C:P/I:P/A:P
    refmap via4
    bid 108045
    confirm https://jenkins.io/security/advisory/2019-04-17/#SECURITY-1341
    Last major update02-10-2020 – 14:42
    Published18-04-2019 – 17:29
    Last modified02-10-2020 – 14:42







    Notice: Undefined variable: canUpdate in /var/www/html/wordpress/wp-content/plugins/wp-autopost-pro/wp-autopost-function.php on line 51