Critical severityCISA KEVNVD Advisory· Published Mar 8, 2019· Updated Oct 21, 2025

CVE-2019-1003029

Description

A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java, src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with Overall/Read permission to execute arbitrary code on the Jenkins master JVM.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
org.jenkins-ci.plugins:script-securityMaven	< 1.54	1.54

Affected products

Jenkins project/Jenkins Script Security Pluginv5
Range: 1.53 and earlier

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

access.redhat.com/errata/RHSA-2019:0739ghsavendor-advisoryx_refsource_REDHATWEB
github.com/advisories/GHSA-xvxq-hq48-xphmghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2019-1003029ghsaADVISORY
packetstormsecurity.com/files/166778/Jenkins-Remote-Code-Execution.htmlghsax_refsource_MISCWEB
www.securityfocus.com/bid/107476mitrevdb-entryx_refsource_BID
jenkins.io/security/advisory/2019-03-06/ghsax_refsource_CONFIRMWEB
jenkins.io/security/advisory/2019-03-06/ghsaWEB
www.cisa.gov/known-exploited-vulnerabilities-catalogghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.585
epss	0.074
exploit	0.030
kev	0.120
patch	0.000
ransomware	0.000