WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2023-24422 Vulnerability in maven package org.jenkins-ci.plugins:script-security

Description

A sandbox bypass vulnerability involving map constructors in Jenkins Script Security Plugin 1228.vd93135a_2fb_25 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.

Remediation

References

https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-3016

Related Vulnerabilities

CVE-2018-8718 Vulnerability in maven package org.jenkins-ci.plugins:mailer

CVE-2012-3353 Vulnerability in maven package org.apache.sling:org.apache.sling.jcr.contentloader

CVE-2020-26870 Vulnerability in maven package org.webjars.bowergithub.cure53:dompurify

CVE-2023-25158 Vulnerability in maven package org.geotools.jdbc:gt-jdbc-postgis

CVE-2015-3250 Vulnerability in maven package org.apache.directory.api:apache-ldap-api

Severity

Critical

Classification

CWE-78 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Tags

Vendor Advisory