A sandbox bypass vulnerability involving map constructors in Jenkins Script Security Plugin 1228.vd93135a2fb25 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "252576359658877600360876216144053827573", "166473345394091989809008030801557432013", "85632596140383294216546355933540663040", "161109933455723079297396059633744961803", "118239925104354540098994555514414764024", "133102515295696502192842158224499600898", "133141852781342419496848933663349603666", "289120028526380288324490214150777748687", "218573712243301590972972354680555306765", "301694960792208716120433918769127479670", "263268579892119431788576951034449641805", "113397012833931848078791773703398964645", "233307894666420522893546784338568819358", "103894903767651054177643152786534877891" ] }, "id": "CVE-2023-24422-0ff77164", "source": "https://github.com/jenkinsci/script-security-plugin/commit/4880bbe905a6783d80150c8b881d0127430d4a73", "signature_type": "Line", "signature_version": "v1", "target": { "file": "src/test/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SandboxInterceptorTest.java" }, "deprecated": false }, { "digest": { "function_hash": "56915507496468813880641566473497312077", "length": 547.0 }, "id": "CVE-2023-24422-36fd80af", "source": "https://github.com/jenkinsci/script-security-plugin/commit/4880bbe905a6783d80150c8b881d0127430d4a73", "signature_type": "Function", "signature_version": "v1", "target": { "file": "src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SandboxInterceptor.java", "function": "onNewInstance" }, "deprecated": false }, { "digest": { "threshold": 0.9, "line_hashes": [ "183201234263330094451033045157567487430", "82281123413160210516705700982038205383", "191246255661837052743342956713251211809", "253953290213448273829659149403919424679", "307687619166447725947846696646850111935", "110176707002996729833857208115542250433", "192861198188803495749644732344543863945", "163429273033346550641793261082009313493" ] }, "id": "CVE-2023-24422-6cdd335f", "source": "https://github.com/jenkinsci/script-security-plugin/commit/4880bbe905a6783d80150c8b881d0127430d4a73", "signature_type": "Line", "signature_version": "v1", "target": { "file": "src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SandboxInterceptor.java" }, "deprecated": false }, { "digest": { "function_hash": "75979359732697919982903750565913285608", "length": 226.0 }, "id": "CVE-2023-24422-76115ed2", "source": "https://github.com/jenkinsci/script-security-plugin/commit/4880bbe905a6783d80150c8b881d0127430d4a73", "signature_type": "Function", "signature_version": "v1", "target": { "file": "src/test/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SandboxInterceptorTest.java", "function": "infiniteLoop" }, "deprecated": false }, { "digest": { "function_hash": "316370510420889845660934585150864497771", "length": 119.0 }, "id": "CVE-2023-24422-d5442d1e", "source": "https://github.com/jenkinsci/script-security-plugin/commit/4880bbe905a6783d80150c8b881d0127430d4a73", "signature_type": "Function", "signature_version": "v1", "target": { "file": "src/test/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SandboxInterceptorTest.java", "function": "structConstructor" }, "deprecated": false } ] }