NVD disclosure day

Published threat advisories for March 8, 2019

CVE advisoryKnown Exploit

CVE-2019-1003030

Jenkins Pipeline Plugin: Code Execution Risk

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A sandbox bypass in the Jenkins Pipeline: Groovy plugin allows attackers to execute arbitrary code on the Jenkins master. This impacts organizations using affected versions of the plugin, potentially leading to a compromise of the Jenkins environment and associated systems. The risk is associated with unauthorized code

NVD published: • CISA KEV
CVE advisoryKnown Exploit

CVE-2019-1003029

Jenkins Script Security Plugin Sandbox Bypass Vulnerability.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A vulnerability in the Jenkins Script Security Plugin allows attackers with read permissions to execute arbitrary code on the Jenkins master JVM. This could impact affected organizations by compromising systems and data, leading to significant business risk. Organizations should identify and update affected Jenkins ins

NVD published: • CISA KEV