CVE-2024-34144

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-34144
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-34144.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-34144
Aliases
Downstream
Related
Published
2024-05-02T14:15:10.280Z
Modified
2026-02-04T04:01:42.335886Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A sandbox bypass vulnerability involving crafted constructor bodies in Jenkins Script Security Plugin 1335.vf07d9ce377a_e and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.

References

Affected packages

Git / github.com/jenkinsci/script-security-plugin

Affected ranges

Type
GIT
Repo
https://github.com/jenkinsci/script-security-plugin
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
f07d9ce377aefdad4794a520effe20638983124b

Affected versions

1118.*
1118.vba21ca2e3286
1125.*
1125.v132f99385e1b_
1131.*
1131.v8b_b_5eda_c328e
1138.*
1138.v8e727069a_025
1140.*
1140.vf967fb_efa_55a_
1145.*
1145.vb_cf6cf6ed960
1146.*
1146.vdf547f19a_473
1158.*
1158.v7c1b_73a_69a_08
1172.*
1172.v35f6a_0b_8207e
1175.*
1175.v4b_d517d6db_f0
1183.*
1183.v774b_0b_0a_a_451
1184.*
1184.v85d16b_d851b_3
1189.*
1189.vb_a_b_7c8fd5fde
1190.*
1190.v65867a_a_47126
1209.*
1209.v50b_005db_19db
1218.*
1218.v39ca_7f7ed0a_c
1228.*
1228.vd93135a_2fb_25
1229.*
1229.v4880b_b_e905a_6
1244.*
1244.ve463715a_f89c
1251.*
1251.vfe552ed55f8d
1264.*
1264.vecf66020eb_7d
1265.*
1265.va_fb_290b_4b_d34
1269.*
1269.v639888f5e366
1271.*
1271.vdede89739a_81
1273.*
1273.v66c1964f0dfd
1274.*
1274.v2b_33362a_f2f5
1275.*
1275.v23895f409fb_d
1281.*
1281.v22fb_899df1a_e
1294.*
1294.v99333c047434
1301.*
1301.v0079b_cd0cdfa_
1305.*
1305.v487433146192
1310.*
1310.vf24a_dfce068b_
1313.*
1313.v7a_6067dc7087
1321.*
1321.va_73c0795b_923
1326.*
1326.vdb_c154de8669
1335.*
1335.vf07d9ce377a_e
script-security-1.*
script-security-1.0
script-security-1.0-beta-1
script-security-1.0-beta-2
script-security-1.0-beta-3
script-security-1.0-beta-4
script-security-1.0-beta-5
script-security-1.0-beta-6
script-security-1.1
script-security-1.10
script-security-1.11
script-security-1.12
script-security-1.13
script-security-1.14
script-security-1.15
script-security-1.16
script-security-1.17
script-security-1.18
script-security-1.19
script-security-1.2
script-security-1.20
script-security-1.21
script-security-1.22
script-security-1.23
script-security-1.24
script-security-1.25
script-security-1.26
script-security-1.27
script-security-1.28
script-security-1.29
script-security-1.3
script-security-1.30
script-security-1.31
script-security-1.32
script-security-1.33
script-security-1.34
script-security-1.35
script-security-1.36
script-security-1.37
script-security-1.38
script-security-1.39
script-security-1.4
script-security-1.40
script-security-1.41
script-security-1.42
script-security-1.43
script-security-1.44
script-security-1.45
script-security-1.46
script-security-1.47
script-security-1.48
script-security-1.49
script-security-1.5
script-security-1.50
script-security-1.51
script-security-1.52
script-security-1.53
script-security-1.54
script-security-1.55
script-security-1.56
script-security-1.57
script-security-1.58
script-security-1.59
script-security-1.6
script-security-1.60
script-security-1.61
script-security-1.62
script-security-1.63
script-security-1.64
script-security-1.65
script-security-1.66
script-security-1.67
script-security-1.68
script-security-1.69
script-security-1.7
script-security-1.70
script-security-1.71
script-security-1.72
script-security-1.73
script-security-1.74
script-security-1.75
script-security-1.76
script-security-1.77
script-security-1.78
script-security-1.8
script-security-1.9

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-34144.json"