GHSA-qvmf-36h5-3f5v

Suggest an improvement
Source
https://github.com/advisories/GHSA-qvmf-36h5-3f5v
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-qvmf-36h5-3f5v/GHSA-qvmf-36h5-3f5v.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-qvmf-36h5-3f5v
Aliases
Published
2022-05-24T17:08:45Z
Modified
2024-02-16T08:23:25.460499Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Improper Input Validation in Jenkins Script Security Plugin
Details

Sandbox protection in Jenkins Script Security Plugin 1.69 and earlier could be circumvented during the script compilation phase by applying AST transforming annotations to imports or by using them inside of other annotations.

Database specific
{
    "nvd_published_at": "2020-02-12T15:15:00Z",
    "cwe_ids": [
        "CWE-20"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2022-06-24T00:59:37Z"
}
References

Affected packages

Maven / org.jenkins-ci.plugins:script-security

Package

Name
org.jenkins-ci.plugins:script-security
View open source insights on deps.dev
Purl
pkg:maven/org.jenkins-ci.plugins/script-security

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.70

Affected versions

1.*

1.0-beta-1
1.0-beta-2
1.0-beta-3
1.0-beta-4
1.0-beta-5
1.0-beta-6
1.0
1.1
1.2
1.3
1.4
1.5
1.6
1.7
1.8
1.9
1.10
1.11
1.12
1.13
1.14
1.15
1.16
1.17
1.18
1.18.1
1.19
1.20
1.21
1.22
1.23
1.24
1.25
1.26
1.27
1.28
1.29
1.29.1
1.30
1.31
1.33
1.34
1.35
1.36
1.37
1.38
1.39
1.40
1.41
1.42
1.43
1.44
1.44.1
1.45
1.46
1.46.1
1.47
1.48
1.49
1.50
1.51
1.52
1.53
1.54
1.54.1
1.54.2
1.54.3
1.54.4
1.55
1.56
1.57
1.57.1
1.57.2
1.57.3
1.57.4
1.57.5
1.57.6
1.58
1.59
1.60
1.60.1
1.61
1.62
1.63
1.63.1
1.64
1.65
1.66
1.66.1
1.66.2
1.66.3
1.66.4
1.66.5
1.67
1.68
1.69

Database specific

{
    "last_known_affected_version_range": "<= 1.69"
}