{"id":"CVE-2019-1003031","details":"A sandbox bypass vulnerability exists in Jenkins Matrix Project Plugin 1.13 and earlier in pom.xml, src/main/java/hudson/matrix/FilterScript.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM.","aliases":["GHSA-qxf8-8837-hq7w"],"modified":"2026-03-15T21:45:02.775670Z","published":"2019-03-08T21:29:00.373Z","references":[{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/107476"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:0739"},{"type":"ADVISORY","url":"https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1339"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jenkinsci/matrix-project-plugin","events":[{"introduced":"0"},{"last_affected":"bd732a39f12aba7f5e18adccb96461ef409bed25"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.13"}]}}],"versions":["matrix-project-1.0","matrix-project-1.0-beta-1","matrix-project-1.1","matrix-project-1.10","matrix-project-1.11","matrix-project-1.12","matrix-project-1.13","matrix-project-1.2","matrix-project-1.3","matrix-project-1.4","matrix-project-1.5","matrix-project-1.6","matrix-project-1.7","matrix-project-1.7.1","matrix-project-1.8","matrix-project-1.9"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"3.11"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-1003031.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}]}