Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1oN3J4LXI3MzMtN3g3cs4AAR2D

Sandbox bypass in Jenkins Script Security Plugin sandbox bypass

Script Security Plugin did not apply sandboxing restrictions to constructor invocations via positional arguments list, super constructor invocations, method references, and type coercion expressions. This could be used to invoke arbitrary constructors and methods, bypassing sandbox protection.

Permalink: https://github.com/advisories/GHSA-h7rx-r733-7x7r
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1oN3J4LXI3MzMtN3g3cs4AAR2D
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 2 years ago
Updated: 10 months ago


CVSS Score: 8.8
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Identifiers: GHSA-h7rx-r733-7x7r, CVE-2017-1000107
References: Blast Radius: 1.0

Affected Packages

maven:org.jenkins-ci.plugins:script-security
Affected Version Ranges: <= 1.30
Fixed in: 1.31