4 matches found
com.btc.ep:btc-embeddedplatform (>=1.9.2-beta <=2.5.9), com.logmein:pipeline-bamboo (>=0.0.1 <=0.0.2) +87 more potentially affected by CVE-2017-1000096 via org.jenkins-ci.plugins.workflow:workflow-cps (>=0.1-beta-1 <=2.36)
org.jenkins-ci.plugins.workflow:workflow-cps MAVEN version =0.1-beta-1, =1.9.2-beta, =0.0.1, =8.0.12, =0.8, =1.0.14, =1.3.0, =1.0, =0.9.0, =1.0, =1.22, =0.0.8, =y - io.fabric8.pipeline:kubernetes-pipeline-aggregator =1.3 and more Source cves: CVE-2017-1000096 Source advisory: OSV:GHSA-MHWQ-4MH7-F...
CVE-2017-1000096
Arbitrary code execution due to incomplete sandbox protection: Constructors, instance variable initializers, and instance initializers in Pipeline scripts were not subject to sandbox protection, and could therefore execute arbitrary code. This could be exploited e.g. by regular Jenkins users with...
CVE-2017-1000096
CVE-2017-1000096 : Concrete details in the connected docs show an arbitrary code execution vulnerability in Jenkins Pipelines due to incomplete sandbox protection. Constructors, instance variable initializers, and instance initializers in Pipeline scripts were not subject to sandbox protection, e...
CVE-2017-1000096
The jenkins-plugin-script-security has incomplete sandbox protection which allows attackers to execute arbitrary code via constructors, instance variable initializers, and instance initializers in Pipeline scripts. Exploitation of this requires the attacker to have permission to configure Pipelin...