Description
It was found that the use of Pipeline: Classpath Step Jenkins plugin enables a bypass of the Script Security sandbox for users with SCM commit access, as well as users with e.g. Job/Configure permission in Jenkins.
References
- Third Party Advisory, VDB Entry
- Vendor Advisory
- Third Party Advisory, VDB Entry
- Vendor Advisory
Vulnerable configurations
Configuration 1
cpe:2.3:a:jenkins:pipeline_classpath_step:0.1.0:*:*:*:*:jenkins:*:*
EPSS
Percentile: 32%
0.00121
Low
CVSS3: 8.5 High
CVSS2: 6 Medium
Weaknesses
CWE-592
NVD-CWE-noinfo
Related vulnerabilities
CVSS3: 8.5
github
more than 3 years ago
Jenkins Pipeline Classpath Step plugin allowed Script Security sandbox bypass