Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-p4p5-3v2j-w5rv

Опубликовано: 13 мая 2022
Источник: github
Github: Прошло ревью
CVSS3: 8.8

Описание

Improper Privilege Management in Jenkins

A sandbox bypass vulnerability exists in Script Security Plugin 1.47 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM, if plugins using the Groovy sandbox are installed.

Ссылки

Пакеты

Наименование

org.jenkins-ci.plugins:script-security

maven
Затронутые версииВерсия исправления

<= 1.47

1.48

EPSS

Процентиль: 69%
0.00615
Низкий

8.8 High

CVSS3

CVE ID

CVE-2018-1000865

Дефекты

CWE-269

Связанные уязвимости

redhat логотип

CVE-2018-1000865

CVSS3: 8.8
redhat
больше 7 лет назад

A sandbox bypass vulnerability exists in Script Security Plugin 1.47 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM, if plugins using the Groovy sandbox are installed.

nvd логотип

CVE-2018-1000865

CVSS3: 8.8
nvd
около 7 лет назад

A sandbox bypass vulnerability exists in Script Security Plugin 1.47 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM, if plugins using the Groovy sandbox are installed.

debian логотип

CVE-2018-1000865

CVSS3: 8.8
debian
около 7 лет назад

A sandbox bypass vulnerability exists in Script Security Plugin 1.47 a ...

EPSS

Процентиль: 69%
0.00615
Низкий

8.8 High

CVSS3

CVE ID

CVE-2018-1000865

Дефекты

CWE-269