Published: 26/01/2023 Updated: 04/02/2023

CVSS v3 Base Score: 8.8 | Impact Score: 6 | Exploitability Score: 2

A sandbox bypass vulnerability involving map constructors in Jenkins Script Security Plugin 1228.vd93135a_2fb_25 and previous versions allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.

Vulnerable Product	Search on Vulmon	Subscribe to Product
jenkins script security

DescriptionA flaw was found in the script-security Jenkins Plugin In affected versions of the script-security plugin, property assignments performed implicitly by the Groovy language runtime when invoking map constructors were not intercepted by the sandbox This vulnerability allows attackers with permission to define and run sandboxed scr ...

CVE-2023-24422 A sandbox bypass vulnerability involving map constructors in Jenkins Script Security Plugin 1228vd93135a_2fb_25 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM authentication complexity vector not

CWE-78 https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-3016 https://github.com/Live-Hack-CVE/CVE-2023-24422 https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2023-24422

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2023-24422

Vulnerability Summary

Most Upvoted Vulmon Research Post

Vendor Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect