logo

Database

Security controls bypass or absence In org.jenkins-ci.plugins:script-security

Description

Jenkins Script Security Plugin allows for Bypass of Groovy Sandbox Protection The Script Security plugin before 1.18.1 in Jenkins might allow remote attackers to bypass a Groovy sandbox protection mechanism via a plugin that performs (1) direct field access or (2) get/set array operations.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2016-31022. NVD-2016-31023. OSV-2016-31024. GCVE-2016-3102

References

1. https://github.com/jenkinsci/script-security-plugin/commit/e7d3bc9c1e25caa23cea33381134a4baaedc75b82. https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-04-11

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.