← Zuruck zu CVEs

CVE-2022-43401

CRITICAL

9.9

Beschreibung

A sandbox bypass vulnerability involving various casts performed implicitly by the Groovy language runtime in Jenkins Script Security Plugin 1183.v774b_0b_0a_a_451 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.

CVE Details

CVSS v3.1 Bewertung9.9

SchweregradCRITICAL

CVSS VektorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AngriffsvektorNETWORK

KomplexitatLOW

Erforderliche PrivilegienLOW

BenutzerinteraktionNONE

Veroffentlicht10/19/2022

Zuletzt geandert11/21/2024

Quellenvd

Honeypot-Sichtungen0

Betroffene Produkte

jenkins:script_security

Referenzen

http://www.openwall.com/lists/oss-security/2022/10/19/3(jenkinsci-cert@googlegroups.com)

https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20%281%29(jenkinsci-cert@googlegroups.com)

http://www.openwall.com/lists/oss-security/2022/10/19/3(af854a3a-2127-422b-91ae-364da2661108)

https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20%281%29(af854a3a-2127-422b-91ae-364da2661108)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.