1. CVE-Search
  2. CVE-2019-10306
ID CVE-2019-10306
Summary A sandbox bypass vulnerability in Jenkins ontrack Plugin 3.4 and earlier allowed attackers with control over ontrack DSL definitions to execute arbitrary code on the Jenkins master JVM.
References
Vulnerable Configurations
  • cpe:2.3:a:jenkins:ontrack:2.0.0:-:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.0.0:-:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.0.0:beta1:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.0.0:beta1:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.0.0:beta2:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.0.0:beta2:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.0.0:beta3:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.0.0:beta3:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.0.0:rc1:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.0.0:rc1:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.0.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.0.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.1.0:-:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.1.0:-:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.1.0:beta1:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.1.0:beta1:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.2.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.2.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.2.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.2.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.3.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.3.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.4.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.4.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.4.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.4.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.4.2:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.4.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.4.3:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.4.3:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.5.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.5.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.6.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.6.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.7.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.7.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.8.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.8.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.9.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.9.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.11.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.11.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.12.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.12.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.13.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.13.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.13.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.13.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.13.2:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.13.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.14.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.14.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.15.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.15.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.16.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.16.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.17.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.17.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.18.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.18.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.18.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.18.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.19.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.19.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.19.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.19.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.19.2:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.19.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.21.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.21.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.22.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.22.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.22.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.22.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.22.2:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.22.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.22.3:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.22.3:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.22.4:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.22.4:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.25.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.25.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.25.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.25.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.26.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.26.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.28.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.28.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.28.2:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.28.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.29.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.29.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.29.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.29.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.30.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.30.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.30.2:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.30.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.30.3:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.30.3:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.30.3.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.30.3.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.30.3.2:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.30.3.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.30.3.3:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.30.3.3:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.30.3.4:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.30.3.4:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.30.3.5:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.30.3.5:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.30.3.6:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.30.3.6:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.30.3.7:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.30.3.7:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.30.3.8:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.30.3.8:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.30.4:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.30.4:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.30.5:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.30.5:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.31.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.31.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.31.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.31.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.31.2:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.31.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.31.3:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.31.3:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.31.4:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.31.4:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.31.5:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.31.5:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.31.6:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.31.6:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.32.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.32.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.32.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.32.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.32.2:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.32.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.32.3:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.32.3:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.32.4:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.32.4:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.32.5:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.32.5:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.33.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.33.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.33.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.33.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.33.2:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.33.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.33.3:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.33.3:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:2.33.4:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:2.33.4:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:3.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:3.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:3.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:3.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:3.2:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:3.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:3.3:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:3.3:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ontrack:3.4:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ontrack:3.4:*:*:*:*:jenkins:*:*
CVSS
Base: 6.5 (as of 25-10-2023 - 18:16)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:S/C:P/I:P/A:P
refmap via4
bid 108045
confirm https://jenkins.io/security/advisory/2019-04-17/#SECURITY-1341
Last major update 25-10-2023 - 18:16
Published 18-04-2019 - 17:29
Last modified 25-10-2023 - 18:16
Back to Top