Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1tNjh4LWNjMmYtZ3I1aM4AAR1r
Unsafe methods in the default list of approved signatures in Jenkins Script Security Plugin
The default whitelist included the following unsafe entries: DefaultGroovyMethods.putAt(Object, String, Object); DefaultGroovyMethods.getAt(Object, String). These allowed circumventing many of the access restrictions implemented in the script sandbox by using e.g. currentBuild['rawBuild'] rather than currentBuild.rawBuild. Additionally, the following entries allowed accessing private data that would not be accessible otherwise due to script security: groovy.json.JsonOutput.toJson(Closure); groovy.json.JsonOutput.toJson(Object).
Permalink: https://github.com/advisories/GHSA-m68x-cc2f-gr5hJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1tNjh4LWNjMmYtZ3I1aM4AAR1r
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: 3 months ago
CVSS Score: 6.5
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Identifiers: GHSA-m68x-cc2f-gr5h, CVE-2017-1000095
References:
- https://nvd.nist.gov/vuln/detail/CVE-2017-1000095
- https://jenkins.io/security/advisory/2017-07-10/
- https://github.com/advisories/GHSA-m68x-cc2f-gr5h
Affected Packages
maven:org.jenkins-ci.plugins:script-security
Affected Version Ranges: <= 1.29Fixed in: 1.29.1