182 matches found
CVE-2018-1000866
CVE-2018-1000866 describes a sandbox bypass in Jenkins Pipeline: Groovy Plugin 2.59 and earlier. The vulnerability stems from SandboxTransformer.java and SandboxCpsTransformer.java, enabling code execution on the Jenkins master JVM when an attacker has Job/Configure permissions or SCM commit priv...
CVE-2018-1000866
A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.59 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java, groovy-cps/lib/src/main/java/com/cloudbees/groovy/cps/SandboxCpsTransformer.java that allows attackers with Job/Configure permissio...