Lucene search
JenkinsCVELIST:CVE-2022-43401HistoryOct 19, 2022 - 12:00 a.m.
CVE-2022-43401
2022-10-1900:00:00
jenkins
www.cve.org
cve-2022-43401
groovy language runtime
jenkins controller jvm
arbitrary code execution
A sandbox bypass vulnerability involving various casts performed implicitly by the Groovy language runtime in Jenkins Script Security Plugin 1183.v774b_0b_0a_a_451 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.
CNA Affected
[
{
"product": "Jenkins Script Security Plugin",
"vendor": "Jenkins project",
"versions": [
{
"status": "unaffected",
"version": "1175.1177.vda_175b_77d144"
},
{
"lessThanOrEqual": "1183.v774b_0b_0a_a_451",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]Related
cve
cve
CVE-2022-43401
2022-10-19 16:15:10
veracode
veracode
Sandbox Bypass
2022-10-20 11:23:44
osv
osv
CVE-2022-43401
2022-10-19 16:15:10
nvd
nvd
CVE-2022-43401
2022-10-19 16:15:10
redhatcve
redhatcve
CVE-2022-43401
2022-10-20 06:47:20
alpinelinux
alpinelinux
CVE-2022-43401
2022-10-19 16:15:10
prion
prion
Security feature bypass
2022-10-19 16:15:00
github
github
qualysblog
qualysblog
Oracle Patch Tuesday April 2023 Security Update Review
2023-04-19 11:47:21
nessus
nessus
RHEL 8 : jenkins and jenkins-2-plugins (RHSA-2023:3198)
2024-04-28 00:00:00
RHCOS 4 : OpenShift Container Platform 4.10.51 (RHSA-2023:0560)
2024-01-24 00:00:00
redhat
redhat
oracle
oracle
Oracle Critical Patch Update Advisory - April 2023
2023-04-18 00:00:00