Lucene search
Redhat.comRH:CVE-2018-1000865HistoryOct 23, 2019 - 6:34 p.m.
CVE-2018-1000865
2019-10-2318:34:18
redhat.com
access.redhat.com
6
0.003 Low
EPSS
Percentile
71.2%
A sandbox bypass vulnerability exists in Script Security Plugin 1.47 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM, if plugins using the Groovy sandbox are installed.
Mitigation
Do not run untrusted jenkins pipeline scripts.
Related
redhatcve
redhatcve
CVE-2018-1000866
2020-04-08 20:50:40
osv
osv
Improper Privilege Management in Jenkins
2022-05-13 01:48:40
CVE-2018-1000865
2018-12-10 14:29:01
Jenkins Script Security and Pipeline Groovy Plugins Sandbox Bypass
2022-05-13 01:48:40
prion
prion
Security feature bypass
2018-12-10 14:29:00
Security feature bypass
2018-12-10 14:29:00
cvelist
cvelist
CVE-2018-1000866
2018-12-10 14:00:00
CVE-2018-1000865
2018-12-10 14:00:00
cve
cve
CVE-2018-1000866
2018-12-10 14:29:01
CVE-2018-1000865
2018-12-10 14:29:01
veracode
veracode
Sandbox Restrictions Bypass
2019-05-16 03:24:01
Sandbox Restrictions Bypass
2019-05-16 03:24:00
nvd
nvd
CVE-2018-1000866
2018-12-10 14:29:01
CVE-2018-1000865
2018-12-10 14:29:01
github
github
Jenkins Script Security and Pipeline Groovy Plugins Sandbox Bypass
2022-05-13 01:48:40
Improper Privilege Management in Jenkins
2022-05-13 01:48:40