Description
A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.52 and earlier in RejectASTTransformsCustomizer.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM.
A flaw was found in the Jenkins script security sandbox. The previously implemented script security sandbox protections prohibiting the use of unsafe AST transforming annotations such as @Grab could be circumvented through use of various Groovy language features including the use of AnnotationCollector, import aliasing, and referencing annotation types using their full class name. This allows users with Overall/Read permission, or the ability to control Jenkinsfile or sandboxed Pipeline shared library contents in SCM, to bypass the sandbox protection and execute arbitrary code on the Jenkins master. The highest threat from this vulnerability is to data confidentiality and integrity and system availability.
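A defender-side check for the three circumvention routes named above (import aliasing, full class names, and AnnotationCollector), written as an added example that is not code from the advisory or the plugin. It is a textual scan of Groovy source such as a Jenkinsfile; the watched set, the function name and the sample input are assumptions constructed for illustration.

```python
import re

# Annotation types to watch. The advisory names @Grab and AnnotationCollector;
# the package-qualified names are standard Groovy. Extending this set is a
# local policy choice (assumption).
WATCHED = {"groovy.lang.Grab", "groovy.transform.AnnotationCollector"}

IMPORT_RE = re.compile(r"^[ \t]*import[ \t]+([\w.]+)(?:[ \t]+as[ \t]+(\w+))?", re.M)
ANNOT_RE = re.compile(r"@[ \t]*([A-Za-z_]\w*(?:\.\w+)*)")

def find_watched_annotations(source):
    """Return (line, name_as_written, resolved_type) for each watched annotation."""
    # Simple names are always flagged, whether or not an import is present.
    names = {fqcn.rsplit(".", 1)[1]: fqcn for fqcn in WATCHED}
    # Import aliasing: `import a.b.C as D` makes @D resolve to a.b.C.
    for m in IMPORT_RE.finditer(source):
        fqcn, alias = m.group(1), m.group(2)
        if fqcn in WATCHED and alias:
            names[alias] = fqcn
    hits = []
    for m in ANNOT_RE.finditer(source):
        written = m.group(1)
        # Full class names match directly; everything else goes through names.
        resolved = written if written in WATCHED else names.get(written)
        if resolved:
            line = source.count("\n", 0, m.start()) + 1
            hits.append((line, written, resolved))
    return hits

# Constructed sample input (placeholder coordinates, not a real artifact).
SAMPLE = """\
import groovy.lang.Grab as Dep
import groovy.transform.AnnotationCollector

@Dep('constructed:placeholder:0')
@groovy.lang.Grab('constructed:placeholder:0')
@AnnotationCollector
@interface Bundle {}

@Override
def run() { }
"""

if __name__ == "__main__":
    for line, written, resolved in find_watched_annotations(SAMPLE):
        print(f"line {line}: @{written} -> {resolved}")
```

The scan is regex-based and does not parse Groovy, so it suits a pre-merge review check on SCM-controlled scripts and does not replace running a plugin version that is not affected.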
Report
This flaw affects the jenkins-2-plugins RPM which is installed in the openshift3/jenkins-2-rhel7 container image. Security updates for this image are only released for versions 3.11 and 4.x of OpenShift Container Platform. The 3.11 version of the openshift3/jenkins-2-rhel7 container image is supported for use with previous versions of OpenShift Container Platform up to 3.4. For more information, refer to the OpenShift Jenkins README: https://github.com/openshift/jenkins/blob/master/README.md#jenkins-security-advisories-the-master-image-from-this-repository-and-the-oc-binary
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat OpenShift Container Platform 3.10 | jenkins-2-plugins | Will not fix | | |
| Red Hat OpenShift Container Platform 3.10 | jenkins-plugin-script-security | Will not fix | | |
| Red Hat OpenShift Container Platform 3.4 | jenkins-plugin-script-security | Out of support scope | | |
| Red Hat OpenShift Container Platform 3.5 | jenkins-plugin-script-security | Out of support scope | | |
| Red Hat OpenShift Container Platform 3.6 | jenkins-plugin-script-security | Will not fix | | |
| Red Hat OpenShift Container Platform 3.7 | jenkins-2-plugins | Will not fix | | |
| Red Hat OpenShift Container Platform 3.7 | jenkins-plugin-script-security | Will not fix | | |
| Red Hat OpenShift Container Platform 3.9 | jenkins-2-plugins | Will not fix | | |
| Red Hat OpenShift Container Platform 3.9 | jenkins-plugin-script-security | Will not fix | | |
| Red Hat OpenShift Container Platform 4 | jenkins-2-plugins | Not affected | | |
Additional information
CVSS3: 8.8 High
Related vulnerabilities
A sandbox bypass vulnerability exists in Jenkins Script Security Plugi ...
Jenkins Script Security Plugin sandbox bypass vulnerability
Vulnerability in the RejectASTTransformsCustomizer.java component of the Jenkins Script Security plugin that allows an attacker to execute arbitrary code