
7 matches found

RedHat Linux
added 2023/03/06 9:1 a.m. | 6 views

jenkins-plugin/workflow-cps-global-lib: Sandbox bypass vulnerability in Pipeline: Deprecated Groovy Libraries Plugin

A sandbox bypass vulnerability was found in several Jenkins plugins. This could allow an authenticated attacker to execute arbitrary code within the Jenkins JVM controller. Exploitation could be achieved by crafting untrusted libraries or pipelines, compromising the integrity, availability, and...

CVSS 9.9 | AI score 6.1 | EPSS 0.01095
Exploits: 0 | References: 5
RedHat Linux
added 2023/02/08 6:41 p.m. | 2 views

jenkins-plugin/workflow-cps-global-lib: Sandbox bypass vulnerability in Pipeline: Deprecated Groovy Libraries Plugin

A sandbox bypass vulnerability was found in several Jenkins plugins. This could allow an authenticated attacker to execute arbitrary code within the Jenkins JVM controller. Exploitation could be achieved by crafting untrusted libraries or pipelines, compromising the integrity, availability, and...

CVSS 9.9 | AI score 6.1 | EPSS 0.01095
Exploits: 0 | References: 5
OSV
added 2022/10/19 4:15 p.m. | 2 views

CVE-2022-43406

A sandbox bypass vulnerability in Jenkins Pipeline: Deprecated Groovy Libraries Plugin 583.vf3b454e43966 and earlier allows attackers with permission to define untrusted Pipeline libraries and to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute...

CVSS 9.9 | AI score 6
Exploits: 0 | References: 2
CVE
added 2022/10/19 12:0 a.m. | 129 views

CVE-2022-43406

CVE-2022-43406 is a sandbox bypass vulnerability in Jenkins Pipeline: Deprecated Groovy Libraries Plugin 583.vf3b_454e43966 and earlier. The issue allows attackers with permission to define untrusted Pipeline libraries to define and run sandboxed scripts, including Pipelines, enabling arbitrary c...

CVSS 9.9 | AI score 9.5 | EPSS 0.01095
Exploits: 0 | References: 2 | Affected Software: 1
OSV
added 2022/02/16 12:1 a.m. | 33 views

GHSA-7W2W-FWPF-9M4H Jenkins Pipeline: Deprecated Groovy Libraries Plugin Protection Mechanism Failure

Jenkins Pipeline: Deprecated Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier uses the same workspace directory for all checkouts of Pipeline libraries with the same name regardless of the SCM being used and the source of the library configuration. This allows attackers with Item/Configure...

CVSS 8.8 | AI score 8.7 | EPSS 0.01541
Exploits: 0 | References: 3
OSV
added 2022/02/16 12:1 a.m. | 34 views

GHSA-PFWP-Q984-W7WH Jenkins Pipeline: Deprecated Groovy Libraries Plugin Protection Mechanism Failure

Jenkins Pipeline: Deprecated Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier uses the names of Pipeline libraries to create cache directories without any sanitization. This allows attackers with Item/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM...

CVSS 8.8 | AI score 8.7 | EPSS 0.01513
Exploits: 0 | References: 3
OSV
added 2022/02/16 12:1 a.m. | 35 views

GHSA-7RCW-FWFH-2H2G Jenkins Pipeline: Deprecated Groovy Libraries Plugin Protection Mechanism Failure

Jenkins Pipeline: Deprecated Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier uses the names of Pipeline libraries to create directories without canonicalization or sanitization. This allows attackers with Item/Configure permission to execute arbitrary code in the context of the Jenkins...

CVSS 8.8 | AI score 8.7 | EPSS 0.01541
Exploits: 0 | References: 3