A sandbox bypass vulnerability in Jenkins Pipeline: Deprecated Groovy Libraries Plugin 583.vf3b_454e43966 and earlier allows attackers with permission to define untrusted Pipeline libraries and to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: jenkins

Published: 2022-10-19T00:00:00

Updated: 2024-08-03T13:32:57.407Z

Reserved: 2022-10-18T00:00:00

Link: CVE-2022-43406

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2022-10-19T16:15:10.427

Modified: 2023-11-22T21:15:18.030

Link: CVE-2022-43406

cve-icon Redhat

Severity : Critical

Publid Date: 2022-10-19T00:00:00Z

Links: CVE-2022-43406 - Bugzilla