Lucene search
JenkinsCVELIST:CVE-2022-43406HistoryOct 19, 2022 - 12:00 a.m.
CVE-2022-43406
2022-10-1900:00:00
jenkins
www.cve.org
4
jenkins
pipeline
sandbox bypass
A sandbox bypass vulnerability in Jenkins Pipeline: Deprecated Groovy Libraries Plugin 583.vf3b_454e43966 and earlier allows attackers with permission to define untrusted Pipeline libraries and to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.
CNA Affected
[
{
"product": "Jenkins Pipeline: Deprecated Groovy Libraries Plugin",
"vendor": "Jenkins project",
"versions": [
{
"lessThanOrEqual": "583.vf3b_454e43966",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]Related
github
github
cve
cve
CVE-2022-43406
2022-10-19 16:15:10
nvd
nvd
CVE-2022-43406
2022-10-19 16:15:10
redhatcve
redhatcve
CVE-2022-43406
2022-10-20 06:17:16
veracode
veracode
Arbitrary Code Execution
2023-03-07 00:49:40
alpinelinux
alpinelinux
CVE-2022-43406
2022-10-19 16:15:10
prion
prion
Security feature bypass
2022-10-19 16:15:00
osv
osv
redhat
redhat
nessus
nessus
RHEL 8 : jenkins and jenkins-2-plugins (RHSA-2023:3198)
2024-04-28 00:00:00
RHEL 8 : OpenShift Container Platform 4.10.51 (RHSA-2023:0560)
2024-04-28 00:00:00