Lucene search
JenkinsCVELIST:CVE-2022-43405HistoryOct 19, 2022 - 12:00 a.m.
CVE-2022-43405
2022-10-1900:00:00
jenkins
www.cve.org
6
cve-2022-43405
jenkins
pipeline
groovy
libraries
sandbox bypass
vulnerability
attackers
permission
untrusted
scripts
pipelines
sandbox protection
arbitrary code
context
controller jvm
A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Libraries Plugin 612.v84da_9c54906d and earlier allows attackers with permission to define untrusted Pipeline libraries and to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.
CNA Affected
[
{
"product": "Jenkins Pipeline: Groovy Libraries Plugin",
"vendor": "Jenkins project",
"versions": [
{
"status": "unaffected",
"version": "593.595.vfc6485d13dcd"
},
{
"lessThanOrEqual": "612.v84da_9c54906d",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]Related
osv
osv
nvd
nvd
CVE-2022-43405
2022-10-19 16:15:10
redhatcve
redhatcve
CVE-2022-43405
2022-10-20 06:17:16
veracode
veracode
Arbitrary Code Execution
2023-03-07 00:49:39
github
github
alpinelinux
alpinelinux
CVE-2022-43405
2022-10-19 16:15:10
prion
prion
Security feature bypass
2022-10-19 16:15:00
cve
cve
CVE-2022-43405
2022-10-19 16:15:10
nessus
nessus
RHEL 8 : jenkins and jenkins-2-plugins (RHSA-2023:3198)
2024-04-28 00:00:00
RHCOS 4 : OpenShift Container Platform 4.10.51 (RHSA-2023:0560)
2024-01-24 00:00:00
redhat
redhat