
CVE-2019-10431: Improper Control of Generation of Code in Jenkins Script Security Plugin

CVSS Score (v3.1): 10

Basic Information

EPSS Score: 0.60346%
Published: 5/24/2022
Updated: 10/26/2023
KEV Status: No
Technology: Java

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Package Name                                Ecosystem   Vulnerable Versions   First Patched Version
org.jenkins-ci.plugins:script-security      maven       <= 1.64               1.65

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The commit diff shows added tests that block 'x = Jenkins.getInstance()' in constructor parameters when calling super(), and the patch upgraded groovy-sandbox to handle these expressions. The vulnerability specifically involved improper handling of default parameter initializers in constructors with super calls: those initializers were evaluated outside the sandbox's interception, so a script could run code the sandbox would otherwise reject. The test case demonstrates this bypass vector, and the CWE-94 classification confirms it is code injection via uncontrolled code generation.


WAF Protection Rules

WAF Rule

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.64 and earlier related to the handling of default parameter expressions in constructors allowed attackers to execute arbitrary code in sandboxed scripts.
