Jenkins Security Advisory 2019-01-08 Multiple Vulnerabilities

high Nessus Plugin ID 129169

Synopsis

A job scheduling and management system hosted on the remote web server is affected by multiple vulnerabilities.

Description

Jenkins running on the remote web server has one or more plugins affected by the following vulnerabilities:

- A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java that allows attackers with the ability to provide sandboxed scripts to execute arbitrary code on the Jenkins master JVM. (CVE-2019-1003000)

- A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.61 and earlier in src/main/java/org/jenkinsci/plugins/workflow/cps/CpsFlowDefinition.java and src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShellFactory.java that allows attackers with Overall/Read permission to provide a pipeline script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM. (CVE-2019-1003001)

- A sandbox bypass vulnerability exists in Pipeline: Declarative Plugin 1.3.3 and earlier in pipeline-model-definition/src/main/groovy/org/jenkinsci/plugins/pipeline/modeldefinition/parser/Converter.groovy that allows attackers with Overall/Read permission to provide a pipeline script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM. (CVE-2019-1003002)

Solution

Refer to the vendor advisory for details.

See Also

https://jenkins.io/security/advisory/2019-01-08/

Plugin Details

Severity: High

ID: 129169

File Name: jenkins_security_advisory_2019-01-08.nasl

Version: 1.5

Type: remote

Family: CGI abuses

Published: 9/24/2019

Updated: 6/5/2024

Configuration: Enable thorough checks

Supported Sensors: Nessus

Enable CGI Scanning: true

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.4

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS Score Source: CVE-2019-1003002

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 8.2

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:jenkins:jenkins, cpe:/a:cloudbees:jenkins

Required KB Items: www/Jenkins

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/8/2019

Vulnerability Publication Date: 1/8/2019

Exploitable With

Metasploit (Jenkins ACL Bypass and Metaprogramming RCE)

Reference Information

CVE: CVE-2019-1003000, CVE-2019-1003001, CVE-2019-1003002

BID: 106681