Описание
A sandbox bypass vulnerability exists in Pipeline: Declarative Plugin 1.3.3 and earlier in pipeline-model-definition/src/main/groovy/org/jenkinsci/plugins/pipeline/modeldefinition/parser/Converter.groovy that allows attackers with Overall/Read permission to provide a pipeline script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM.
A flaw was found in Jenkins Pipeline. Script Security sandbox protection could be circumvented during the script compilation phase by applying AST transforming annotations such as @Grab to source code elements. This allows users with Overall/Read permission, or able to control Jenkinsfile or sandboxed Pipeline shared library contents in SCM, to bypass the sandbox protection and execute arbitrary code on the Jenkins master. All known unsafe AST transformations in Groovy are now prohibited in sandboxed scripts. Both the pipeline validation REST APIs and actual script/pipeline execution are affected. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat OpenShift Container Platform 3.10 | jenkins-plugin-pipeline-model-definition | Affected | ||
| Red Hat OpenShift Container Platform 3.2 | jenkins-plugin-pipeline-model-definition | Not affected | ||
| Red Hat OpenShift Container Platform 3.3 | jenkins-plugin-pipeline-model-definition | Not affected | ||
| Red Hat OpenShift Container Platform 3.4 | jenkins-plugin-pipeline-model-definition | Not affected | ||
| Red Hat OpenShift Container Platform 3.5 | jenkins-plugin-pipeline-model-definition | Out of support scope | ||
| Red Hat OpenShift Container Platform 3.6 | jenkins-plugin-pipeline-model-definition | Affected | ||
| Red Hat OpenShift Container Platform 3.7 | jenkins-plugin-pipeline-model-definition | Affected | ||
| Red Hat OpenShift Container Platform 3.9 | jenkins-plugin-pipeline-model-definition | Affected | ||
| Red Hat OpenShift Container Platform 4 | jenkins-2-plugins | Not affected | ||
| Red Hat OpenShift Container Platform 3.11 | atomic-enterprise-service-catalog | Fixed | RHBA-2019:0326 | 20.02.2019 |
Показывать по
Дополнительная информация
Статус:
EPSS
8.8 High
CVSS3
Связанные уязвимости
A sandbox bypass vulnerability exists in Pipeline: Declarative Plugin 1.3.3 and earlier in pipeline-model-definition/src/main/groovy/org/jenkinsci/plugins/pipeline/modeldefinition/parser/Converter.groovy that allows attackers with Overall/Read permission to provide a pipeline script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM.
Jenkins Pipeline Declarative Plugin sandbox bypass vulnerability
EPSS
8.8 High
CVSS3