CVE-2019-1003032: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
(updated )
A sandbox bypass vulnerability exists in Jenkins Email Extension Plugin 2.64 and earlier in pom.xml
, src/main/java/hudson/plugins/emailext/ExtendedEmailPublisher.java
, src/main/java/hudson/plugins/emailext/plugins/content/EmailExtScript.java
, src/main/java/hudson/plugins/emailext/plugins/content/ScriptContent.java
, src/main/java/hudson/plugins/emailext/plugins/trigger/AbstractScriptTrigger.java
that allows attackers with Job/Configure
permission to execute arbitrary code on the Jenkins master JVM.
References
Detect and mitigate CVE-2019-1003032 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →