The Script Security plugin before 1.18.1 in Jenkins might allow remote attackers to bypass a Groovy sandbox protection mechanism via a plugin that performs (1) direct field access or (2) get/set array operations.
Advisories
Source ID Title
EUVD EUVD EUVD-2016-4157 Jenkins Script Security Plugin allows for Bypass of Groovy Sandbox Protection
Github GHSA Github GHSA GHSA-xgjx-96v4-mqxx Jenkins Script Security Plugin allows for Bypass of Groovy Sandbox Protection
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2024-08-05T23:47:56.955Z

Reserved: 2016-03-10T00:00:00

Link: CVE-2016-3102

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2017-02-09T15:59:01.003

Modified: 2025-04-20T01:37:25.860

Link: CVE-2016-3102

cve-icon Redhat

Severity : Moderate

Publid Date: 2016-04-11T00:00:00Z

Links: CVE-2016-3102 - Bugzilla

cve-icon OpenCVE Enrichment

No data.