What is the severity of CVE-2019-10328?

CVE-2019-10328 has been classified as having a high severity due to its potential impact on data confidentiality, integrity, and system availability.

How do I fix CVE-2019-10328?

To address CVE-2019-10328, update the Jenkins Workflow Remote Loader plugin to version 1.5 or later.

What systems are affected by CVE-2019-10328?

CVE-2019-10328 affects Jenkins installations with the Workflow Remote Loader plugin prior to version 1.5.

What type of vulnerability is CVE-2019-10328?

CVE-2019-10328 is a security vulnerability that allows arbitrary method invocation and bypasses sandbox protections in Jenkins.

Is CVE-2019-10328 related to Jenkins security risks?

Yes, CVE-2019-10328 poses significant security risks to Jenkins users by threatening the confidentiality and integrity of their data.

Vulnerability/
CVE-2019-10328

critical

9.9

CWE

183 693 184

31/5/2019

24/5/2022

4/8/2024

CVE-2019-10328

First published: Fri May 31 2019(Updated: )

A flaw was found in the Jenkins Workflow Remote Loader plugin. An unsafe whitelist entry was made that allowed invoking arbitrary methods and bypassing sandbox protection. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Credit: jenkinsci-cert@googlegroups.com jenkinsci-cert@googlegroups.com jenkinsci-cert@googlegroups.com

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

What is the severity of CVE-2019-10328?
CVE-2019-10328 has been classified as having a high severity due to its potential impact on data confidentiality, integrity, and system availability.
How do I fix CVE-2019-10328?
To address CVE-2019-10328, update the Jenkins Workflow Remote Loader plugin to version 1.5 or later.
What systems are affected by CVE-2019-10328?
CVE-2019-10328 affects Jenkins installations with the Workflow Remote Loader plugin prior to version 1.5.
What type of vulnerability is CVE-2019-10328?
CVE-2019-10328 is a security vulnerability that allows arbitrary method invocation and bypasses sandbox protections in Jenkins.
Is CVE-2019-10328 related to Jenkins security risks?
Yes, CVE-2019-10328 poses significant security risks to Jenkins users by threatening the confidentiality and integrity of their data.

collector/redhat-cve
collector/nvd-index
collector/nvd-api
collector/nvd-cve
collector/github-advisory-latest
alias/GHSA-v558-fhw2-v46w
alias/CVE-2019-10328
collector/github-advisory
agent/type
agent/first-publish-date
agent/softwarecombine
agent/severity
agent/references
agent/weakness
agent/author
collector/redhat-bugzilla
source/Red Hat
agent/software-canonical-lookup
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/description
agent/event
agent/trending
agent/tags
agent/source
package-manager/redhat
vendor/jenkins
canonical/jenkins pipeline remote loader
version/jenkins pipeline remote loader/1.4
package-manager/maven

CVE-2019-10328

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

Frequently Asked Questions

What is the severity of CVE-2019-10328?

How do I fix CVE-2019-10328?

What systems are affected by CVE-2019-10328?

What type of vulnerability is CVE-2019-10328?

Is CVE-2019-10328 related to Jenkins security risks?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2019-10328?

How do I fix CVE-2019-10328?

What systems are affected by CVE-2019-10328?

What type of vulnerability is CVE-2019-10328?

Is CVE-2019-10328 related to Jenkins security risks?

Affected Software	Affected Version	How to fix
redhat/jenkins-plugin-workflow-remote-loader	<1.5	1.5
redhat/atomic-enterprise-service-catalog	<1:3.11.117-1.git.1.376e432.el7	1:3.11.117-1.git.1.376e432.el7
redhat/atomic-openshift-cluster-autoscaler	<0:3.11.117-1.git.1.caa79fa.el7	0:3.11.117-1.git.1.caa79fa.el7
redhat/atomic-openshift-descheduler	<0:3.11.117-1.git.1.1635b0a.el7	0:3.11.117-1.git.1.1635b0a.el7
redhat/atomic-openshift-dockerregistry	<0:3.11.117-1.git.1.6a42b08.el7	0:3.11.117-1.git.1.6a42b08.el7
redhat/atomic-openshift-metrics-server	<0:3.11.117-1.git.1.319d58e.el7	0:3.11.117-1.git.1.319d58e.el7
redhat/atomic-openshift-node-problem-detector	<0:3.11.117-1.git.1.0345fe3.el7	0:3.11.117-1.git.1.0345fe3.el7
redhat/atomic-openshift-service-idler	<0:3.11.117-1.git.1.887bb82.el7	0:3.11.117-1.git.1.887bb82.el7
redhat/atomic-openshift-web-console	<0:3.11.117-1.git.1.be7a05c.el7	0:3.11.117-1.git.1.be7a05c.el7
redhat/cri-o	<0:1.11.14-1.rhaos3.11.gitd56660e.el7	0:1.11.14-1.rhaos3.11.gitd56660e.el7
redhat/golang-github-openshift-oauth-proxy	<0:3.11.117-1.git.1.2b006d2.el7	0:3.11.117-1.git.1.2b006d2.el7
redhat/golang-github-prometheus-alertmanager	<0:3.11.117-1.git.1.207ef35.el7	0:3.11.117-1.git.1.207ef35.el7
redhat/golang-github-prometheus-prometheus	<0:3.11.117-1.git.1.f52d417.el7	0:3.11.117-1.git.1.f52d417.el7
redhat/jenkins	<0:2.164.2.1555422716-1.el7	0:2.164.2.1555422716-1.el7
redhat/jenkins	<2-plugins-0:3.11.1559667994-1.el7	2-plugins-0:3.11.1559667994-1.el7
redhat/openshift-ansible	<0:3.11.123-1.git.0.db681ba.el7	0:3.11.123-1.git.0.db681ba.el7
redhat/openshift-enterprise-autoheal	<0:3.11.117-1.git.1.ef32a58.el7	0:3.11.117-1.git.1.ef32a58.el7
redhat/openshift-enterprise-cluster-capacity	<0:3.11.117-1.git.1.6593fce.el7	0:3.11.117-1.git.1.6593fce.el7
redhat/jenkins	<2-plugins-0:4.1.1561471763-1.el7	2-plugins-0:4.1.1561471763-1.el7
redhat/jenkins	<2-plugins-0:4.2.1568997376-1.el7	2-plugins-0:4.2.1568997376-1.el7
Jenkins Pipeline Remote Loader	<=1.4
maven/org.jenkins-ci.plugins:workflow-remote-loader	<1.5	1.5