Description

A sandbox bypass vulnerability involving map constructors in Jenkins Script Security Plugin 1228.vd93135a_2fb_25 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.

Related CPE's

a

jenkins

script_security

*

*

*

*

*

jenkins

Vulnerable

References

https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-3016

Vendor Advisory

Weaknesses

[email protected]

Primary
CWE-78

CVSS impact metrics

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

8.8 · High

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2023-01-26T21:18:16.633

1 year ago

Last modified

2023-02-04T02:08:29.577

1 year ago