CVE-2022-43402

Source
https://cve.org/CVERecord?id=CVE-2022-43402
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-43402.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-43402
Aliases
Downstream
Published
2022-10-19T16:15:10.197Z
Modified
2026-01-29T06:15:35.191943Z
Severity
  • 9.9 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Summary
[none]
Details

A sandbox bypass vulnerability involving various casts performed implicitly by the Groovy language runtime in Jenkins Pipeline: Groovy Plugin 2802.v5ea628154bc2 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.

References

Affected packages

Git / github.com/jenkinsci/workflow-cps-plugin

Affected ranges

Type
GIT
Repo
https://github.com/jenkinsci/workflow-cps-plugin
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

2633.*
2633.v6baeedc13805
2640.*
2640.v00e79c8113de
2644.*
2644.v29a793dac95a
2646.*
2646.v6ed3b5b01ff1
2648.*
2648.va9433432b33c
2656.*
2656.vf7a_e7b_75a_457
2659.*
2659.v52d3de6044d0
2660.*
2660.vb_c0412dc4e6d
2680.*
2680.vf642ed4fa_d55
2682.*
2682.va_473dcddc941
2683.*
2683.vd0a_8f6a_1c263
2686.*
2686.v7c37e0578401
2687.*
2687.v3f09155513c1
2688.*
2688.v39a_b_e5c49a_65
2689.*
2689.v434009a_31b_f1
2692.*
2692.v76b_089ccd026
2705.*
2705.v0449852ee36f
2706.*
2706.v71dd22b_c5a_a_2
2710.*
2710.vcd48b_b_9e0e7d
2725.*
2725.v7b_c717eb_12ce
2729.*
2729.vea_17b_79ed57a_
2746.*
2746.v0da_83a_332669
2759.*
2759.v87459c4eea_ca_
2784.*
2784.vd252824b_4eb_9
2801.*
2801.vf82a_b_b_e3e8a_5
2802.*
2802.v5ea_628154b_c2
workflow-cps-2.*
workflow-cps-2.0
workflow-cps-2.1
workflow-cps-2.10
workflow-cps-2.11
workflow-cps-2.12
workflow-cps-2.13
workflow-cps-2.14
workflow-cps-2.15
workflow-cps-2.16
workflow-cps-2.17
workflow-cps-2.18
workflow-cps-2.19
workflow-cps-2.2
workflow-cps-2.20
workflow-cps-2.21
workflow-cps-2.22
workflow-cps-2.23
workflow-cps-2.24
workflow-cps-2.25
workflow-cps-2.26
workflow-cps-2.27
workflow-cps-2.28
workflow-cps-2.29
workflow-cps-2.3
workflow-cps-2.30
workflow-cps-2.31
workflow-cps-2.32
workflow-cps-2.33
workflow-cps-2.34
workflow-cps-2.35
workflow-cps-2.36
workflow-cps-2.37
workflow-cps-2.38
workflow-cps-2.39
workflow-cps-2.4
workflow-cps-2.40
workflow-cps-2.41
workflow-cps-2.42
workflow-cps-2.43
workflow-cps-2.44
workflow-cps-2.45
workflow-cps-2.46
workflow-cps-2.47
workflow-cps-2.48
workflow-cps-2.49
workflow-cps-2.5
workflow-cps-2.50
workflow-cps-2.51
workflow-cps-2.52
workflow-cps-2.53
workflow-cps-2.54
workflow-cps-2.55
workflow-cps-2.56
workflow-cps-2.57
workflow-cps-2.58
workflow-cps-2.58-beta-1
workflow-cps-2.59
workflow-cps-2.6
workflow-cps-2.60
workflow-cps-2.61
workflow-cps-2.62
workflow-cps-2.63
workflow-cps-2.64
workflow-cps-2.65
workflow-cps-2.66
workflow-cps-2.67
workflow-cps-2.68
workflow-cps-2.69
workflow-cps-2.7
workflow-cps-2.70
workflow-cps-2.71
workflow-cps-2.72
workflow-cps-2.73
workflow-cps-2.74
workflow-cps-2.75
workflow-cps-2.76
workflow-cps-2.77
workflow-cps-2.78
workflow-cps-2.79
workflow-cps-2.8
workflow-cps-2.80
workflow-cps-2.81
workflow-cps-2.82
workflow-cps-2.83
workflow-cps-2.84
workflow-cps-2.85
workflow-cps-2.86
workflow-cps-2.87
workflow-cps-2.88
workflow-cps-2.89
workflow-cps-2.9
workflow-cps-2.90
workflow-cps-2.91
workflow-cps-2.92
workflow-cps-2.93
workflow-cps-2.94

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-43402.json"