Description
A sandbox bypass vulnerability exists in Jenkins Job DSL Plugin 1.71 and earlier in job-dsl-core/src/main/groovy/javaposse/jobdsl/dsl/AbstractDslScriptLoader.groovy, job-dsl-plugin/build.gradle, job-dsl-plugin/src/main/groovy/javaposse/jobdsl/plugin/JobDslWhitelist.groovy, job-dsl-plugin/src/main/groovy/javaposse/jobdsl/plugin/SandboxDslScriptLoader.groovy that allows attackers with control over Job DSL definitions to execute arbitrary code on the Jenkins master JVM.
No analysis available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
EUVD |
EUVD-2022-2645 | A sandbox bypass vulnerability exists in Jenkins Job DSL Plugin 1.71 and earlier in job-dsl-core/src/main/groovy/javaposse/jobdsl/dsl/AbstractDslScriptLoader.groovy, job-dsl-plugin/build.gradle, job-dsl-plugin/src/main/groovy/javaposse/jobdsl/plugin/JobDslWhitelist.groovy, job-dsl-plugin/src/main/groovy/javaposse/jobdsl/plugin/SandboxDslScriptLoader.groovy that allows attackers with control over Job DSL definitions to execute arbitrary code on the Jenkins master JVM. |
Github GHSA |
GHSA-5r74-pgmq-92mm | Script security sandbox bypass in Jenkins Job DSL Plugin |
References
History
No history.
Status: PUBLISHED
Assigner: jenkins
Published:
Updated: 2024-08-05T03:07:16.812Z
Reserved: 2019-03-08T00:00:00.000Z
Link: CVE-2019-1003034
No data.
Status : Modified
Published: 2019-03-08T21:29:00.500
Modified: 2026-06-17T02:09:35.063
Link: CVE-2019-1003034
OpenCVE Enrichment
No data.
Weaknesses
-
CWE-20
Improper Input Validation
- NVD-CWE-noinfo
EUVD
Github GHSA