GHSA-h7rx-r733-7x7r

Source

https://github.com/advisories/GHSA-h7rx-r733-7x7r

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-h7rx-r733-7x7r/GHSA-h7rx-r733-7x7r.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-h7rx-r733-7x7r

Aliases

CVE-2017-1000107

Published

2022-05-13T01:40:57Z

Modified

2024-12-04T05:37:18.870878Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Sandbox bypass in Jenkins Script Security Plugin sandbox bypass

Details

Script Security Plugin did not apply sandboxing restrictions to constructor invocations via positional arguments list, super constructor invocations, method references, and type coercion expressions. This could be used to invoke arbitrary constructors and methods, bypassing sandbox protection.

Database specific

{
    "nvd_published_at": "2017-10-05T01:29:00Z",
    "cwe_ids": [],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2024-01-30T22:44:02Z"
}

References

Affected packages

Maven / org.jenkins-ci.plugins:script-security

Package

Name: org.jenkins-ci.plugins:script-security; View open source insights on deps.dev
Purl: pkg:maven/org.jenkins-ci.plugins/script-security

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.31

Affected versions

1.*

1.0-beta-1

1.0-beta-2

1.0-beta-3

1.0-beta-4

1.0-beta-5

1.0-beta-6

1.0

1.1

1.2

1.3

1.4

1.5

1.6

1.7

1.8

1.9

1.10

1.11

1.12

1.13

1.14

1.15

1.16

1.17

1.18

1.18.1

1.19

1.20

1.21

1.22

1.23

1.24

1.25

1.26

1.27

1.28

1.29

1.29.1

1.30

Database specific

{
    "last_known_affected_version_range": "<= 1.30"
}