CVE-2018-1000866

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-1000866

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-1000866.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2018-1000866

Aliases

GHSA-gqhm-4h93-rrhg

Withdrawn

2025-04-21T15:58:57.102155Z

Published

2018-12-10T14:29:01Z

Modified

2025-03-20T01:54:22.112560Z

Downstream

RHBA-2019:0326

Severity

8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.59 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java, groovy-cps/lib/src/main/java/com/cloudbees/groovy/cps/SandboxCpsTransformer.java that allows attackers with Job/Configure permission, or unauthorized attackers with SCM commit privileges and corresponding pipelines based on Jenkinsfiles set up in Jenkins, to execute arbitrary code on the Jenkins master JVM

References

Affected packages

Git / github.com/openshift/console

Affected ranges

Type: GIT
Repo: https://github.com/openshift/console
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

d822672dec05b2aec2f421295b3f87e9d42493c4

Affected versions

Other

describe

v0.*

v0.1.0

v0.1.1

v0.1.2

v0.1.3

v0.1.4

v0.1.5

v0.1.6

v0.1.7

v0.1.8

v0.1.9

v0.2.0

v0.2.0-alpha.1

v0.2.0-alpha.2

v0.2.0-rc.1

v0.2.0-rc.2

v0.2.0-rc.3

v0.3.0

v0.4.0

v0.5.0

v0.5.1

v0.5.2

v0.6.0

v0.6.1

v0.7.0

v0.7.1

v0.7.2

v0.8.0

v0.8.1

v0.9.0

v0.9.1

v1.*

v1.0.0

v1.0.1

v1.0.2

v1.0.3

v1.1.0

v1.1.1

v1.2.0

v1.2.1

v1.3.0

v1.3.1

v1.4.0

v1.4.1

v1.5.0

v1.5.1

v1.5.2

v1.5.3

v1.5.4

v1.5.5

v1.6.0

v1.6.1

v1.6.2

v1.6.3

v1.7.0

v1.7.1

v1.7.2

v1.7.3

v1.7.4

v1.8.0

v1.8.1

v1.8.2

v1.8.3

v1.8.4

v1.8.5

v1.9.0

v2.*

v2.0.0

v2.0.1

v2.1.0

v2.2.0

v2.2.1

v2.3.0

v2.3.1

v2.3.2

v2.4.0

v2.5.0

v2.5.1

v2.5.2

v2.5.3

v2.6.0

v2.6.1

v2.6.2

v2.7.0

v2.7.1

v2.7.2

v3.*

v3.0.0

v3.0.1

v3.0.2

v3.0.3

v3.0.4

v3.0.5

v3.0.6

v3.0.7

v3.0.8

v3.11.0

v4.*

v4.0.0

v4.0.1

v4.0.2

v4.0.3

v4.0.4

v4.0.5

v4.0.6

v5.*

v5.0.0

v5.0.1

v5.0.2

v5.0.3

v5.0.4

v5.0.5

v5.1.0

v6.*

v6.0.0

v6.0.1

v6.0.2

v6.0.3

v6.0.4

v6.0.5

v6.0.6