Описание
Jenkins Groovy Plugin sandbox bypass vulnerability
A sandbox bypass vulnerability exists in Jenkins Groovy Plugin 2.1 and earlier in pom.xml, src/main/java/hudson/plugins/groovy/StringScriptSource.java that allows attackers with Overall/Read permission to execute arbitrary code on the Jenkins master JVM. Groovy Plugin 2.2 uses Script Security APIs that apply sandbox protection during these phases.
Пакеты
Наименование
org.jenkins-ci.plugins:groovy
maven
Затронутые версииВерсия исправления
<= 2.1
2.2
Связанные уязвимости
CVSS3: 8.8
nvd
почти 7 лет назад
A sandbox bypass vulnerability exists in Jenkins Groovy Plugin 2.1 and earlier in pom.xml, src/main/java/hudson/plugins/groovy/StringScriptSource.java that allows attackers with Overall/Read permission to execute arbitrary code on the Jenkins master JVM.