Package details: pkg:rpm/redhat/jenkins-2-plugins@3.11.1552336312-1?arch=el7
purl pkg:rpm/redhat/jenkins-2-plugins@3.11.1552336312-1?arch=el7
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 10.0
Vulnerabilities affecting this package (6)
Vulnerability Summary Fixed by
VCID-bdt1-rbrk-nyhm
Aliases:
CVE-2019-1003031
GHSA-qxf8-8837-hq7w
Protection Mechanism Failure A sandbox bypass vulnerability exists in Jenkins Matrix Project Plugin in `src/main/java/hudson/matrix/FilterScript.java` that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM. There are no reported fixed by versions.
VCID-ct1b-eyhf-tban
Aliases:
CVE-2019-1003005
GHSA-x5jm-rj37-5qh7
Code Injection A sandbox bypass vulnerability exists in Jenkins Script Security Plugin in `src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java` that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM. There are no reported fixed by versions.
VCID-k6km-8dx9-nkau
Aliases:
CVE-2019-1003024
GHSA-jgpm-2862-q5m8
Protection Mechanism Failure A sandbox bypass vulnerability exists in Jenkins Script Security Plugin in `RejectASTTransformsCustomizer.java` that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM. There are no reported fixed by versions.
VCID-p1ww-dzs9-9fez
Aliases:
CVE-2019-1003029
GHSA-xvxq-hq48-xphm
Sandbox bypass in Script Security Plugin A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java, src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with Overall/Read permission to execute arbitrary code on the Jenkins master JVM. There are no reported fixed by versions.
VCID-xfmw-gut6-ryd3
Aliases:
CVE-2019-1003030
GHSA-r6mc-mrvr-23cr
Sandbox bypass in Jenkins Pipeline: Groovy Plugin A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plugin 2.63 and earlier in pom.xml, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShell.java that allows attackers able to control pipeline scripts to execute arbitrary code on the Jenkins master JVM. There are no reported fixed by versions.
VCID-zbbg-ynmr-rqcx
Aliases:
CVE-2019-1003034
GHSA-5r74-pgmq-92mm
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') A sandbox bypass vulnerability exists in Jenkins Job DSL Plugin 1.71 and earlier in `job-dsl-core/src/main/groovy/javaposse/jobdsl/dsl/AbstractDslScriptLoader.groovy`, `job-dsl-plugin/build.gradle`, `job-dsl-plugin/src/main/groovy/javaposse/jobdsl/plugin/JobDslallow` `list.groovy`, `job-dsl-plugin/src/main/groovy/javaposse/jobdsl/plugin/SandboxDslScriptLoader.groovy` that allows attackers with control over Job DSL definitions to execute arbitrary code on the Jenkins master JVM. There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T14:21:00.779818+00:00 RedHat Importer Affected by VCID-ct1b-eyhf-tban https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1003005.json 38.0.0
2026-04-01T14:20:54.390274+00:00 RedHat Importer Affected by VCID-k6km-8dx9-nkau https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1003024.json 38.0.0
2026-04-01T14:20:50.027383+00:00 RedHat Importer Affected by VCID-xfmw-gut6-ryd3 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1003030.json 38.0.0
2026-04-01T14:20:50.002412+00:00 RedHat Importer Affected by VCID-zbbg-ynmr-rqcx https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1003034.json 38.0.0
2026-04-01T14:20:49.977418+00:00 RedHat Importer Affected by VCID-bdt1-rbrk-nyhm https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1003031.json 38.0.0
2026-04-01T14:20:49.952335+00:00 RedHat Importer Affected by VCID-p1ww-dzs9-9fez https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1003029.json 38.0.0