Описание
A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java that allows attackers with the ability to provide sandboxed scripts to execute arbitrary code on the Jenkins master JVM.
A flaw was found in Jenkins Pipeline. The Script Security sandbox protection could be circumvented during the script compilation phase by applying AST, transforming annotations such as @Grab to source code elements. Both the pipeline validation REST APIs and actual script/pipeline execution are affected. This allowed users with Overall/Read permission, or able to control Jenkinsfile or sandboxed Pipeline shared library contents in SCM, to bypass the sandbox protection and execute arbitrary code on the Jenkins master. All known unsafe AST transformations in Groovy are now prohibited in sandboxed scripts. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat OpenShift Container Platform 3.10 | jenkins-plugin-script-security | Affected | ||
| Red Hat OpenShift Container Platform 3.2 | jenkins-plugin-script-security | Out of support scope | ||
| Red Hat OpenShift Container Platform 3.3 | jenkins-plugin-script-security | Out of support scope | ||
| Red Hat OpenShift Container Platform 3.4 | jenkins-plugin-script-security | Affected | ||
| Red Hat OpenShift Container Platform 3.5 | jenkins-plugin-script-security | Affected | ||
| Red Hat OpenShift Container Platform 3.6 | jenkins-plugin-script-security | Affected | ||
| Red Hat OpenShift Container Platform 3.7 | jenkins-plugin-script-security | Affected | ||
| Red Hat OpenShift Container Platform 3.9 | jenkins-plugin-script-security | Affected | ||
| Red Hat OpenShift Container Platform 4 | jenkins-2-plugins | Not affected | ||
| Red Hat OpenShift Container Platform 3.11 | atomic-enterprise-service-catalog | Fixed | RHBA-2019:0326 | 20.02.2019 |
Показывать по
Дополнительная информация
Статус:
8.8 High
CVSS3
Связанные уязвимости
A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java that allows attackers with the ability to provide sandboxed scripts to execute arbitrary code on the Jenkins master JVM.
Protection Mechanism Failure in Jenkins Script Security Plugin
8.8 High
CVSS3