GHSA-76qj-9gwh-pvv3
Suggest an improvement- Source
- https://github.com/advisories/GHSA-76qj-9gwh-pvv3
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/01/GHSA-76qj-9gwh-pvv3/GHSA-76qj-9gwh-pvv3.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-76qj-9gwh-pvv3
- Aliases
- Published
- 2023-01-26T21:30:19Z
- Modified
- 2024-01-04T12:33:55.908448Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVSS Calculator
- Summary
- Sandbox bypass in Jenkins Script Security Plugin
- Details
-
A sandbox bypass vulnerability involving map constructors in Jenkins Script Security Plugin 1228.vd93135a2fb25 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.
- References
Affected packages
Maven / org.jenkins-ci.plugins:script-security
Package
- Name
- org.jenkins-ci.plugins:script-security
- View open source insights on deps.dev
- Purl
- pkg:maven/org.jenkins-ci.plugins/script-security
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1229.v4880b
Affected versions
1.*
1.0-beta-1
1.0-beta-2
1.0-beta-3
1.0-beta-4
1.0-beta-5
1.0-beta-6
1.0
1.1
1.2
1.3
1.4
1.5
1.6
1.7
1.8
1.9
1.10
1.11
1.12
1.13
1.14
1.15
1.16
1.17
1.18
1.18.1
1.19
1.20
1.21
1.22
1.23
1.24
1.25
1.26
1.27
1.28
1.29
1.29.1
1.30
1.31
1.33
1.34
1.35
1.36
1.37
1.38
1.39
1.40
1.41
1.42
1.43
1.44
1.44.1
1.45
1.46
1.46.1
1.47
1.48
1.49
1.50
1.51
1.52
1.53
1.54
1.54.1
1.54.2
1.54.3
1.54.4
1.55
1.56
1.57
1.57.1
1.57.2
1.57.3
1.57.4
1.57.5
1.57.6
1.58
1.59
1.60
1.60.1
1.61
1.62
1.63
1.63.1
1.64
1.65
1.66
1.66.1
1.66.2
1.66.3
1.66.4
1.66.5
1.67
1.68
1.69
1.70
1.71
1.72
1.73
1.74
1.75
1.76
1.77
1.78
1.78.1
1118.*
1118.vba21ca2e3286
1125.*
1125.v132f99385e1b_
1131.*
1131.v8b_b_5eda_c328e
1138.*
1138.v8e727069a_025
1140.*
1140.vf967fb_efa_55a_
1145.*
1145.vb_cf6cf6ed960
1145.1148.vf6d17a_a_a_eef6
1146.*
1146.vdf547f19a_473
1158.*
1158.v7c1b_73a_69a_08
1172.*
1172.v35f6a_0b_8207e
1175.*
1175.v4b_d517d6db_f0
1175.1177.vda_175b_77d144
1175.1179.vea_f7532629e1
1175.1180.v36a_3fb_2dec9c
1183.*
1183.v774b_0b_0a_a_451
1184.*
1184.v85d16b_d851b_3
1189.*
1189.vb_a_b_7c8fd5fde
1190.*
1190.v65867a_a_47126
1209.*
1209.v50b_005db_19db
1218.*
1218.v39ca_7f7ed0a_c
1228.*
1228.vd93135a_2fb_25