CVE-2019-10306: Sandbox bypass in ontrack Jenkins Plugin

CVSS Score: 10 (CVSS 3.1)

Basic Information

EPSS Score: 0.51016%
Published: 5/24/2022
Updated: 12/13/2023
KEV Status: No
Technology: Java

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Package Name: org.jenkins-ci.plugins:ontrack
Ecosystem: maven
Vulnerable Versions: < 3.4.1
First Patched Version: 3.4.1

Vulnerability Intelligence
Root Cause Analysis

The vulnerability stemmed from the sandbox being applied improperly across the phases of the Groovy script lifecycle. The patch shows three changes:

  1. Updated script-security dependency to 1.57 which introduced stricter sandboxing
  2. Modified execution flow to use GroovyShell.run() with prepared code source, ensuring sandbox applies during parsing
  3. Changed SandboxDSLLauncher to intercept execution earlier in the process

In the original code, AbstractDSLLauncher parsed the script before the binding was set up, and SandboxDSLLauncher applied the sandbox only after parsing. Together, these allowed attackers to bypass restrictions during critical initialization phases of script execution.

A sandbox bypass vulnerability in Jenkins ontrack Plugin *.* and earlier allowed attackers with control over ontrack DSL definitions to execute arbitrary code on the Jenkins master JVM.
