GHSA-qw28-g63m-jxqv
Suggest an improvement- Source
- https://github.com/advisories/GHSA-qw28-g63m-jxqv
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-qw28-g63m-jxqv/GHSA-qw28-g63m-jxqv.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-qw28-g63m-jxqv
- Aliases
- Published
- 2022-05-24T16:43:54Z
- Modified
- 2024-02-16T08:23:35.604981Z
- Severity
-
- 9.9 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVSS Calculator
- Summary
- Sandbox bypass in ontrack Jenkins Plugin
- Details
-
A sandbox bypass vulnerability in Jenkins ontrack Plugin 3.4 and earlier allowed attackers with control over ontrack DSL definitions to execute arbitrary code on the Jenkins master JVM.
- Database specific
{ "nvd_published_at": "2019-04-18T17:29:00Z", "cwe_ids": [ "CWE-863" ], "severity": "CRITICAL", "github_reviewed": true, "github_reviewed_at": "2022-09-09T00:51:51Z" }- References
Affected packages
Maven / org.jenkins-ci.plugins:ontrack
Package
- Name
- org.jenkins-ci.plugins:ontrack
- View open source insights on deps.dev
- Purl
- pkg:maven/org.jenkins-ci.plugins/ontrack
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.4.1
Affected versions
2.*
2.4.1
2.4.2
2.4.3
2.5.0
2.6.0
2.7.0
2.8.0
2.9.0
2.11.0
2.12.0
2.13.0
2.13.1
2.13.2
2.14.0
2.15.0
2.16.0
2.17.0
2.18.0
2.18.1
2.19.0
2.19.1
2.19.2
2.21.0
2.22.0
2.22.4
2.25.0
2.25.1
2.26.0
2.28.0
2.28.1
2.28.2
2.29.0
2.29.1
2.30.0
2.30.1
2.30.2
2.30.3
2.30.3.1
2.30.3.2
2.30.3.3
2.30.3.4
2.30.3.5
2.30.3.6
2.30.3.7
2.30.3.8
2.30.3.9
2.30.4
2.30.5
2.31.0
2.31.1
2.31.2
2.31.3
2.31.4
2.31.5
2.31.6
2.32.0
2.32.1
2.32.2
2.32.3
2.32.4
2.32.5
2.33.0
2.33.2
2.33.3
2.33.4
3.*
3.0
3.1
3.2
3.3
3.3.5
3.4