Jenkins Shared Library Version Override Plugin 17.v786074c9fce7 and earlier declares folder-scoped library overrides as trusted, so that they're not executed in the Script Security sandbox, allowing attackers with Item/Configure permission on a folder to configure a folder-scoped library override that runs without sandbox protection.
2024-11-13T21:15:29.540
2025-10-03T00:56:06.223
Analyzed
CVSSv3.1: 8.8 (HIGH)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | jenkins | shared_library_version_override | ≤ 17.v786074c9fce7 | Yes |