Описание
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of property names in property expressions on the left-hand side of assignment expressions allowed attackers to execute arbitrary code in sandboxed scripts.
Ссылки
- Mailing ListThird Party Advisory
- Vendor Advisory
- Mailing ListThird Party Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.62 (включая)
cpe:2.3:a:jenkins:script_security:*:*:*:*:*:jenkins:*:*
EPSS
Процентиль: 45%
0.00221
Низкий
4.2 Medium
CVSS3
4.9 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
CVSS3: 4.2
redhat
больше 6 лет назад
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of property names in property expressions on the left-hand side of assignment expressions allowed attackers to execute arbitrary code in sandboxed scripts.
CVSS3: 4.2
github
больше 3 лет назад
Sandbox bypass vulnerability in Jenkins Script Security Plugin
EPSS
Процентиль: 45%
0.00221
Низкий
4.2 Medium
CVSS3
4.9 Medium
CVSS2
Дефекты
NVD-CWE-Other