Lucene search

K
nvd[email protected]NVD:CVE-2022-43406
HistoryOct 19, 2022 - 4:15 p.m.

CVE-2022-43406

2022-10-1916:15:10
web.nvd.nist.gov
13
jenkins
pipeline
sandbox bypass
vulnerability
arbitrary code

CVSS3

9.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

EPSS

0.001

Percentile

47.2%

A sandbox bypass vulnerability in Jenkins Pipeline: Deprecated Groovy Libraries Plugin 583.vf3b_454e43966 and earlier allows attackers with permission to define untrusted Pipeline libraries and to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.

Affected configurations

Nvd
Node
jenkinsgroovy_librariesRange583.vf3b_454e43966jenkins
VendorProductVersionCPE
jenkinsgroovy_libraries*cpe:2.3:a:jenkins:groovy_libraries:*:*:*:*:*:jenkins:*:*

CVSS3

9.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

EPSS

0.001

Percentile

47.2%