CVE-2017-1000107 org.jenkins-ci.plugins:script-security

Package

Manager: maven
Name: org.jenkins-ci.plugins:script-security
Vulnerable Version: >=0 <1.31

Severity

Level: High

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00274 (percentile 0.50508)

Details

Sandbox bypass in Jenkins Script Security Plugin.

The Script Security Plugin did not apply sandboxing restrictions to constructor invocations via positional arguments list, super constructor invocations, method references, and type coercion expressions. This could be used to invoke arbitrary constructors and methods, bypassing sandbox protection.

Metadata

Created: 2022-05-13T01:40:57Z
Modified: 2024-01-30T22:44:02Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-h7rx-r733-7x7r/GHSA-h7rx-r733-7x7r.json
CWE IDs: []
Alternative ID: GHSA-h7rx-r733-7x7r
Finding: F115
Auto approve: 1