Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-43405

A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Libraries Plugin 612.v84da_9c54906d and earlier allows attackers with permission to define untrusted Pipeline libraries and to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.

Published

2022-10-19T16:15:10.370

Last Modified

2024-11-21T07:26:25.020

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.9 (CRITICAL)

Weaknesses

Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	jenkins	groovy_libraries	≤ 612.v84da_9c54906d	Yes

References

http://www.openwall.com/lists/oss-security/2022/10/19/3 Mailing List, Third Party Advisory ([email protected])
https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20%282%29 Vendor Advisory ([email protected])
http://www.openwall.com/lists/oss-security/2022/10/19/3 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20%282%29 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)