3 matches found
Jenkins Script Security Plugin has sandbox bypass vulnerability involving crafted constructor bodies
Jenkins Script Security Plugin provides a sandbox feature that allows low privileged users to define scripts, including Pipelines, that are generally safe to execute. Calls to code defined inside a sandboxed script are intercepted, and various allowlists are checked to determine whether the call ...
GHSA-V63G-V339-2673 Jenkins Script Security Plugin has sandbox bypass vulnerability involving crafted constructor bodies
Jenkins Script Security Plugin provides a sandbox feature that allows low privileged users to define scripts, including Pipelines, that are generally safe to execute. Calls to code defined inside a sandboxed script are intercepted, and various allowlists are checked to determine whether the call ...
PT-2022-26886 · Jenkins · Jenkins Pipeline: Groovy Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Pipeline: Groovy Plugin versions 2802.v5ea 628154b c2 and earlier Description: A sandbox bypass issue involves implicit casts by the Groovy language runtime, allowing attackers with permission to define and run sandboxed scripts to...