CVE-2018-1000865

Опубликовано: 29 окт. 2018

Источник: redhat

CVSS3: 8.8

EPSS Низкий

Описание

A sandbox bypass vulnerability exists in Script Security Plugin 1.47 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM, if plugins using the Groovy sandbox are installed.

Меры по смягчению последствий

Do not run untrusted jenkins pipeline scripts.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat OpenShift Container Platform 3.10	jenkins-plugin-script-security	Affected
Red Hat OpenShift Container Platform 3.10	jenkins-plugin-workflow-cps	Affected
Red Hat OpenShift Container Platform 3.11	jenkins-plugin-script-security	Affected
Red Hat OpenShift Container Platform 3.2	jenkins-plugin-script-security	Affected
Red Hat OpenShift Container Platform 3.2	jenkins-plugin-workflow-cps	Affected
Red Hat OpenShift Container Platform 3.3	jenkins-plugin-script-security	Affected
Red Hat OpenShift Container Platform 3.3	jenkins-plugin-workflow-cps	Affected
Red Hat OpenShift Container Platform 3.4	jenkins-plugin-script-security	Affected
Red Hat OpenShift Container Platform 3.4	jenkins-plugin-workflow-cps	Affected
Red Hat OpenShift Container Platform 3.5	jenkins-plugin-script-security	Affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important

Дефект:

CWE-94

https://bugzilla.redhat.com/show_bug.cgi?id=1647059jenkins-plugin-script-security: Sandbox Bypass in finalize methods

EPSS

Процентиль: 69%

0.00615

Низкий

8.8 High

CVSS3

Связанные уязвимости

CVE-2018-1000865

CVSS3: 8.8

nvd

около 7 лет назад

CVE-2018-1000865

CVSS3: 8.8

debian

около 7 лет назад

A sandbox bypass vulnerability exists in Script Security Plugin 1.47 a ...

GHSA-p4p5-3v2j-w5rv

CVSS3: 8.8

github

больше 3 лет назад

Improper Privilege Management in Jenkins

EPSS

Процентиль: 69%

0.00615

Низкий

8.8 High

CVSS3