CVE-2018-1000865

Опубликовано: 10 дек. 2018

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

A sandbox bypass vulnerability exists in Script Security Plugin 1.47 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM, if plugins using the Groovy sandbox are installed.

Ссылки

https://access.redhat.com/errata/RHBA-2019:0326
Third Party Advisory
https://access.redhat.com/errata/RHBA-2019:0327
Third Party Advisory
https://jenkins.io/security/advisory/2018-10-29/#SECURITY-1186
Vendor Advisory
https://access.redhat.com/errata/RHBA-2019:0326
Third Party Advisory
https://access.redhat.com/errata/RHBA-2019:0327
Third Party Advisory
https://jenkins.io/security/advisory/2018-10-29/#SECURITY-1186
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:jenkins:script_security:*:*:*:*:*:jenkins:*:*

Версия до 1.47 (включая)

Конфигурация 2

cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*

EPSS

Процентиль: 69%

0.00615

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-269

Связанные уязвимости

CVE-2018-1000865

CVSS3: 8.8

redhat

больше 7 лет назад

CVE-2018-1000865

CVSS3: 8.8

debian

около 7 лет назад

A sandbox bypass vulnerability exists in Script Security Plugin 1.47 a ...

GHSA-p4p5-3v2j-w5rv

CVSS3: 8.8

github

больше 3 лет назад

Improper Privilege Management in Jenkins

EPSS

Процентиль: 69%

0.00615

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-269