Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-43406

A sandbox bypass vulnerability in Jenkins Pipeline: Deprecated Groovy Libraries Plugin 583.vf3b_454e43966 and earlier allows attackers with permission to define untrusted Pipeline libraries and to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.

Published

2022-10-19T16:15:10.427

Last Modified

2024-11-21T07:26:25.170

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.9 (CRITICAL)

Weaknesses

Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	jenkins	groovy_libraries	≤ 583.vf3b_454e43966	Yes

References

http://www.openwall.com/lists/oss-security/2022/10/19/3 Mailing List, Third Party Advisory ([email protected])
https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20%282%29 Vendor Advisory ([email protected])
http://www.openwall.com/lists/oss-security/2022/10/19/3 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20%282%29 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)