Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1oN3J4LXI3MzMtN3g3cs4AAR2D

Sandbox bypass in Jenkins Script Security Plugin

Script Security Plugin did not apply sandboxing restrictions to constructor invocations via positional arguments list, super constructor invocations, method references, and type coercion expressions. This could be used to invoke arbitrary constructors and methods, bypassing sandbox protection.

Permalink: https://github.com/advisories/GHSA-h7rx-r733-7x7r
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1oN3J4LXI3MzMtN3g3cs4AAR2D
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: almost 2 years ago
Updated: 3 months ago
CVSS Score: 8.8
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Identifiers: GHSA-h7rx-r733-7x7r, CVE-2017-1000107
References:
Blast Radius: 1.0

Affected Packages

maven:org.jenkins-ci.plugins:script-security
Affected Version Ranges: <= 1.30
Fixed in: 1.31