CVE-2022-43404

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-43404
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-43404.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-43404
Aliases
Related
Published
2022-10-19T16:15:10Z
Modified
2024-10-12T10:15:36.715004Z
Severity
  • 9.9 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A sandbox bypass vulnerability involving crafted constructor bodies and calls to sandbox-generated synthetic constructors in Jenkins Script Security Plugin 1183.v774b0b0aa451 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.

References

Affected packages

Git / github.com/jenkinsci/script-security-plugin

Affected ranges

Type
GIT
Repo
https://github.com/jenkinsci/script-security-plugin
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

1118.*

1118.vba21ca2e3286

1125.*

1125.v132f99385e1b_

1131.*

1131.v8b_b_5eda_c328e

1138.*

1138.v8e727069a_025

1140.*

1140.vf967fb_efa_55a_

1145.*

1145.vb_cf6cf6ed960

1146.*

1146.vdf547f19a_473

1158.*

1158.v7c1b_73a_69a_08

1172.*

1172.v35f6a_0b_8207e

1175.*

1175.v4b_d517d6db_f0

1183.*

1183.v774b_0b_0a_a_451

script-security-1.*

script-security-1.0
script-security-1.0-beta-1
script-security-1.0-beta-2
script-security-1.0-beta-3
script-security-1.0-beta-4
script-security-1.0-beta-5
script-security-1.0-beta-6
script-security-1.1
script-security-1.10
script-security-1.11
script-security-1.12
script-security-1.13
script-security-1.14
script-security-1.15
script-security-1.16
script-security-1.17
script-security-1.18
script-security-1.19
script-security-1.2
script-security-1.20
script-security-1.21
script-security-1.22
script-security-1.23
script-security-1.24
script-security-1.25
script-security-1.26
script-security-1.27
script-security-1.28
script-security-1.29
script-security-1.3
script-security-1.30
script-security-1.31
script-security-1.32
script-security-1.33
script-security-1.34
script-security-1.35
script-security-1.36
script-security-1.37
script-security-1.38
script-security-1.39
script-security-1.4
script-security-1.40
script-security-1.41
script-security-1.42
script-security-1.43
script-security-1.44
script-security-1.45
script-security-1.46
script-security-1.47
script-security-1.48
script-security-1.49
script-security-1.5
script-security-1.50
script-security-1.51
script-security-1.52
script-security-1.53
script-security-1.54
script-security-1.55
script-security-1.56
script-security-1.57
script-security-1.58
script-security-1.59
script-security-1.6
script-security-1.60
script-security-1.61
script-security-1.62
script-security-1.63
script-security-1.64
script-security-1.65
script-security-1.66
script-security-1.67
script-security-1.68
script-security-1.69
script-security-1.7
script-security-1.70
script-security-1.71
script-security-1.72
script-security-1.73
script-security-1.74
script-security-1.75
script-security-1.76
script-security-1.77
script-security-1.78
script-security-1.8
script-security-1.9