CVE-2019-1003030
Published: 08 March 2019
Summary
CVE-2019-1003030 is a critical-severity Protection Mechanism Failure (CWE-693) vulnerability in Jenkins Pipeline. Its CVSS base score is 9.9 (Critical).
Operationally, it is ranked in the top 0.3% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).
Deeper analysis
A sandbox bypass vulnerability exists in the Jenkins Pipeline: Groovy Plugin, versions 2.63 and earlier. The affected files are pom.xml and CpsGroovyShell.java. The flaw permits execution of arbitrary code on the Jenkins master JVM when an attacker can supply or modify pipeline scripts. The issue carries a CVSS 3.1 score of 9.9 and is categorized as a protection mechanism failure.
Attackers with the ability to control pipeline scripts, such as users granted pipeline authoring permissions, can exploit the bypass to run code outside the intended Groovy sandbox. This grants them full access to the Jenkins master process, enabling impacts across confidentiality, integrity, and availability on the controller.
The Jenkins security advisory for SECURITY-1336 and the associated Red Hat errata RHSA-2019:0739 address remediation steps, including updates that restrict script execution to prevent the sandbox escape. Public exploit code referencing Jenkins 2.63 has been published, confirming the issue's practical exploitability in unpatched environments.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-5117
Vulnerability details
A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plugin 2.63 and earlier in pom.xml, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShell.java that allows attackers able to control pipeline scripts to execute arbitrary code on the Jenkins master JVM.
- CWE(s)
- KEV Date Added: 25 March 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Directly enforces the Groovy sandbox restrictions on pipeline scripts that the CVE bypasses, blocking arbitrary code execution on the master JVM.
Limits pipeline-authoring permissions to the minimum required, reducing the population of users able to supply exploitable scripts.
Requires prompt application of the vendor patch (SECURITY-1336) that closes the sandbox-escape flaw in CpsGroovyShell.