2 vulnerabilities found for Jenkins Pipeline: Groovy Libraries Plugin by Jenkins project
CVE-2022-43405 (GCVE-0-2022-43405)
Vulnerability from cvelistv5 – Published: 2022-10-19 00:00 – Updated: 2024-08-03 13:32
Summary
A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Libraries Plugin 612.v84da_9c54906d and earlier allows attackers with permission to define untrusted Pipeline libraries and to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.
Severity
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Jenkins project | Jenkins Pipeline: Groovy Libraries Plugin | Unaffected: 593.595.vfc6485d13dcd; Affected: unspecified, ≤ 612.v84da_9c54906d (custom) |
```json
{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T13:32:58.478Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20%282%29"
          },
          {
            "name": "[oss-security] 20221019 Multiple vulnerabilities in Jenkins plugins",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/10/19/3"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Jenkins Pipeline: Groovy Libraries Plugin",
          "vendor": "Jenkins project",
          "versions": [
            {
              "status": "unaffected",
              "version": "593.595.vfc6485d13dcd"
            },
            {
              "lessThanOrEqual": "612.v84da_9c54906d",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Libraries Plugin 612.v84da_9c54906d and earlier allows attackers with permission to define untrusted Pipeline libraries and to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-24T14:25:31.534Z",
        "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
        "shortName": "jenkins"
      },
      "references": [
        {
          "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20%282%29"
        },
        {
          "name": "[oss-security] 20221019 Multiple vulnerabilities in Jenkins plugins",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/10/19/3"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
    "assignerShortName": "jenkins",
    "cveId": "CVE-2022-43405",
    "datePublished": "2022-10-19T00:00:00",
    "dateReserved": "2022-10-18T00:00:00",
    "dateUpdated": "2024-08-03T13:32:58.478Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}
```
CVE-2022-43405 (GCVE-0-2022-43405)
Vulnerability from nvd – Published: 2022-10-19 00:00 – Updated: 2024-08-03 13:32
Summary
A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Libraries Plugin 612.v84da_9c54906d and earlier allows attackers with permission to define untrusted Pipeline libraries and to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.
Severity
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Jenkins project | Jenkins Pipeline: Groovy Libraries Plugin | Unaffected: 593.595.vfc6485d13dcd; Affected: unspecified, ≤ 612.v84da_9c54906d (custom) |