Lucene search
GitHub Advisory DatabaseGHSA-76QJ-9GWH-PVV3HistoryJan 26, 2023 - 9:30 p.m.
Sandbox bypass in Jenkins Script Security Plugin
2023-01-2621:30:19
CWE-78
GitHub Advisory Database
github.com
40
0.0004 Low
EPSS
Percentile
5.2%
A sandbox bypass vulnerability involving map constructors in Jenkins Script Security Plugin 1228.vd93135a_2fb_25 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.
| CPE | Name | Operator | Version |
|---|---|---|---|
| org.jenkins-ci.plugins:script-security | lt | 1229.v4880b |
Related
osv
osv
CVE-2023-24422
2023-01-26 21:18:16
Sandbox bypass in Jenkins Script Security Plugin
2023-01-26 21:30:19
cvelist
cvelist
CVE-2023-24422
2023-01-24 00:00:00
prion
prion
Security feature bypass
2023-01-26 21:18:00
redhatcve
redhatcve
CVE-2023-24422
2023-01-25 04:05:54
alpinelinux
alpinelinux
CVE-2023-24422
2023-01-26 21:18:16
cve
cve
CVE-2023-24422
2023-01-26 21:18:16
redhat
redhat
nessus
nessus
RHEL 8 : jenkins and jenkins-2-plugins (RHSA-2023:3195)
2024-04-28 00:00:00
RHEL 8 : Red Hat Product OCP Tools 4.14 Openshift Jenkins (RHSA-2023:7288)
2024-04-23 00:00:00
RHEL 8 : Red Hat Product OCP Tools 4.13 OpenShift Jenkins (RHSA-2023:6179)
2024-04-28 00:00:00
