CVE-2023-24422

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2023-24422
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-24422.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-24422
Aliases
Downstream
Published
2023-01-26T21:18:16Z
Modified
2025-10-16T09:31:06.405775Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A sandbox bypass vulnerability involving map constructors in Jenkins Script Security Plugin 1228.vd93135a2fb25 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.

References

Affected packages

Git / github.com/jenkinsci/script-security-plugin

Affected ranges

Type
GIT
Repo
https://github.com/jenkinsci/script-security-plugin
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
4880bbe905a6783d80150c8b881d0127430d4a73

Affected versions

1118.*

1118.vba21ca2e3286

1125.*

1125.v132f99385e1b_

1131.*

1131.v8b_b_5eda_c328e

1138.*

1138.v8e727069a_025

1140.*

1140.vf967fb_efa_55a_

1145.*

1145.vb_cf6cf6ed960

1146.*

1146.vdf547f19a_473

1158.*

1158.v7c1b_73a_69a_08

1172.*

1172.v35f6a_0b_8207e

1175.*

1175.v4b_d517d6db_f0

1183.*

1183.v774b_0b_0a_a_451

1184.*

1184.v85d16b_d851b_3

1189.*

1189.vb_a_b_7c8fd5fde

1190.*

1190.v65867a_a_47126

1209.*

1209.v50b_005db_19db

1218.*

1218.v39ca_7f7ed0a_c

1228.*

1228.vd93135a_2fb_25

script-security-1.*

script-security-1.0
script-security-1.0-beta-1
script-security-1.0-beta-2
script-security-1.0-beta-3
script-security-1.0-beta-4
script-security-1.0-beta-5
script-security-1.0-beta-6
script-security-1.1
script-security-1.10
script-security-1.11
script-security-1.12
script-security-1.13
script-security-1.14
script-security-1.15
script-security-1.16
script-security-1.17
script-security-1.18
script-security-1.19
script-security-1.2
script-security-1.20
script-security-1.21
script-security-1.22
script-security-1.23
script-security-1.24
script-security-1.25
script-security-1.26
script-security-1.27
script-security-1.28
script-security-1.29
script-security-1.3
script-security-1.30
script-security-1.31
script-security-1.32
script-security-1.33
script-security-1.34
script-security-1.35
script-security-1.36
script-security-1.37
script-security-1.38
script-security-1.39
script-security-1.4
script-security-1.40
script-security-1.41
script-security-1.42
script-security-1.43
script-security-1.44
script-security-1.45
script-security-1.46
script-security-1.47
script-security-1.48
script-security-1.49
script-security-1.5
script-security-1.50
script-security-1.51
script-security-1.52
script-security-1.53
script-security-1.54
script-security-1.55
script-security-1.56
script-security-1.57
script-security-1.58
script-security-1.59
script-security-1.6
script-security-1.60
script-security-1.61
script-security-1.62
script-security-1.63
script-security-1.64
script-security-1.65
script-security-1.66
script-security-1.67
script-security-1.68
script-security-1.69
script-security-1.7
script-security-1.70
script-security-1.71
script-security-1.72
script-security-1.73
script-security-1.74
script-security-1.75
script-security-1.76
script-security-1.77
script-security-1.78
script-security-1.8
script-security-1.9

Database specific

vanir_signatures

[
    {
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "252576359658877600360876216144053827573",
                "166473345394091989809008030801557432013",
                "85632596140383294216546355933540663040",
                "161109933455723079297396059633744961803",
                "118239925104354540098994555514414764024",
                "133102515295696502192842158224499600898",
                "133141852781342419496848933663349603666",
                "289120028526380288324490214150777748687",
                "218573712243301590972972354680555306765",
                "301694960792208716120433918769127479670",
                "263268579892119431788576951034449641805",
                "113397012833931848078791773703398964645",
                "233307894666420522893546784338568819358",
                "103894903767651054177643152786534877891"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2023-24422-0ff77164",
        "source": "https://github.com/jenkinsci/script-security-plugin/commit/4880bbe905a6783d80150c8b881d0127430d4a73",
        "deprecated": false,
        "target": {
            "file": "src/test/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SandboxInterceptorTest.java"
        },
        "signature_type": "Line"
    },
    {
        "signature_version": "v1",
        "digest": {
            "length": 547.0,
            "function_hash": "56915507496468813880641566473497312077"
        },
        "id": "CVE-2023-24422-36fd80af",
        "source": "https://github.com/jenkinsci/script-security-plugin/commit/4880bbe905a6783d80150c8b881d0127430d4a73",
        "deprecated": false,
        "target": {
            "function": "onNewInstance",
            "file": "src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SandboxInterceptor.java"
        },
        "signature_type": "Function"
    },
    {
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "183201234263330094451033045157567487430",
                "82281123413160210516705700982038205383",
                "191246255661837052743342956713251211809",
                "253953290213448273829659149403919424679",
                "307687619166447725947846696646850111935",
                "110176707002996729833857208115542250433",
                "192861198188803495749644732344543863945",
                "163429273033346550641793261082009313493"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2023-24422-6cdd335f",
        "source": "https://github.com/jenkinsci/script-security-plugin/commit/4880bbe905a6783d80150c8b881d0127430d4a73",
        "deprecated": false,
        "target": {
            "file": "src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SandboxInterceptor.java"
        },
        "signature_type": "Line"
    },
    {
        "signature_version": "v1",
        "digest": {
            "length": 226.0,
            "function_hash": "75979359732697919982903750565913285608"
        },
        "id": "CVE-2023-24422-76115ed2",
        "source": "https://github.com/jenkinsci/script-security-plugin/commit/4880bbe905a6783d80150c8b881d0127430d4a73",
        "deprecated": false,
        "target": {
            "function": "infiniteLoop",
            "file": "src/test/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SandboxInterceptorTest.java"
        },
        "signature_type": "Function"
    },
    {
        "signature_version": "v1",
        "digest": {
            "length": 119.0,
            "function_hash": "316370510420889845660934585150864497771"
        },
        "id": "CVE-2023-24422-d5442d1e",
        "source": "https://github.com/jenkinsci/script-security-plugin/commit/4880bbe905a6783d80150c8b881d0127430d4a73",
        "deprecated": false,
        "target": {
            "function": "structConstructor",
            "file": "src/test/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SandboxInterceptorTest.java"
        },
        "signature_type": "Function"
    }
]