{"id":"CVE-2019-1003034","details":"A sandbox bypass vulnerability exists in Jenkins Job DSL Plugin 1.71 and earlier, in job-dsl-core/src/main/groovy/javaposse/jobdsl/dsl/AbstractDslScriptLoader.groovy, job-dsl-plugin/build.gradle, job-dsl-plugin/src/main/groovy/javaposse/jobdsl/plugin/JobDslWhitelist.groovy, and job-dsl-plugin/src/main/groovy/javaposse/jobdsl/plugin/SandboxDslScriptLoader.groovy, that allows attackers with control over Job DSL definitions to execute arbitrary code on the Jenkins master JVM.","aliases":["GHSA-5r74-pgmq-92mm"],"modified":"2026-04-10T04:11:45.182716Z","published":"2019-03-08T21:29:00.500Z","references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:0739"},{"type":"ADVISORY","url":"https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1342"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/107476"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jenkinsci/job-dsl-plugin","events":[{"introduced":"0"},{"last_affected":"7ce86803168baa528db6fccc9b3af5617e56e349"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.71"}]}}],"versions":["job-dsl-1.10","job-dsl-1.11","job-dsl-1.14","job-dsl-1.15","job-dsl-1.17","job-dsl-1.18","job-dsl-1.19","job-dsl-1.20","job-dsl-1.21","job-dsl-1.22","job-dsl-1.23","job-dsl-1.24","job-dsl-1.25","job-dsl-1.26","job-dsl-1.27","job-dsl-1.28","job-dsl-1.29","job-dsl-1.3","job-dsl-1.30","job-dsl-1.31","job-dsl-1.32","job-dsl-1.33","job-dsl-1.34","job-dsl-1.35","job-dsl-1.36","job-dsl-1.37","job-dsl-1.38","job-dsl-1.39","job-dsl-1.40","job-dsl-1.41","job-dsl-1.42","job-dsl-1.43","job-dsl-1.44","job-dsl-1.45","job-dsl-1.46","job-dsl-1.47","job-dsl-1.48","job-dsl-1.50","job-dsl-1.51","job-dsl-1.52","job-dsl-1.53","job-dsl-1.54","job-dsl-1.55","job-dsl-1.56","job-dsl-1.57","job-dsl-1.58","job-dsl-1.59","job-dsl-1.60","job-dsl-1.61","job-dsl-1.62","job-dsl-1.63","job-dsl-1.64","job-dsl-1.65","job-dsl-1.66","job-dsl-1.67","job-dsl-1.68","job-dsl-1.69"
,"job-dsl-1.7","job-dsl-1.70","job-dsl-1.71","job-dsl-1.8","job-dsl-1.9"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"3.11"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-1003034.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}]}