WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2023-24422 Vulnerability in maven package org.jenkins-ci.plugins:script-security

Description

A sandbox bypass vulnerability involving map constructors in Jenkins Script Security Plugin 1228.vd93135a_2fb_25 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.

Remediation

References

https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-3016

Related Vulnerabilities

CVE-2023-46652 Vulnerability in maven package org.jenkins-ci.plugins:lambdatest-automation

CVE-2011-1411 Vulnerability in maven package org.opensaml:opensaml

CVE-2019-11358 Vulnerability in npm package jquery

CVE-2020-2281 Vulnerability in maven package org.6wind.jenkins:lockable-resources

CVE-2016-8750 Vulnerability in maven package org.apache.karaf.jaas:org.apache.karaf.jaas.modules

Severity

Critical

Classification

CWE-78 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Tags

Vendor Advisory