Description
A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plugin 2.63 and earlier in pom.xml, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShell.java that allows attackers able to control pipeline scripts to execute arbitrary code on the Jenkins master JVM.
References
- Exploit, Third Party Advisory, VDB Entry
- Broken Link, Third Party Advisory, VDB Entry
- Third Party Advisory
- Third Party Advisory
- US Government Resource
Vulnerable configurations
EPSS
CVSS3: 9.9 Critical
CVSS2: 6.5 Medium
Weaknesses
Related vulnerabilities
A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plugin 2.63 and earlier in pom.xml, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShell.java that allows attackers able to control pipeline scripts to execute arbitrary code on the Jenkins master JVM.
Sandbox bypass in Jenkins Pipeline: Groovy Plugin
Vulnerability in the pom.xml and CpsGroovyShell.java components of the Jenkins Pipeline plugin that allows an attacker to execute arbitrary code