Lucene search
JenkinsCVELIST:CVE-2023-24422HistoryJan 24, 2023 - 12:00 a.m.
CVE-2023-24422
2023-01-2400:00:00
jenkins
www.cve.org
jenkins
script security plugin
sandbox bypass
map constructors
arbitrary code execution
cve-2023-24422
A sandbox bypass vulnerability involving map constructors in Jenkins Script Security Plugin 1228.vd93135a_2fb_25 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.
CNA Affected
[
{
"product": "Jenkins Script Security Plugin",
"vendor": "Jenkins Project",
"versions": [
{
"lessThanOrEqual": "1228.vd93135a_2fb_25",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "1175.1180.v36a_3fb_2dec9c"
}
]
}
]Related
osv
osv
CVE-2023-24422
2023-01-26 21:18:16
Sandbox bypass in Jenkins Script Security Plugin
2023-01-26 21:30:19
github
github
Sandbox bypass in Jenkins Script Security Plugin
2023-01-26 21:30:19
prion
prion
Security feature bypass
2023-01-26 21:18:00
redhatcve
redhatcve
CVE-2023-24422
2023-01-25 04:05:54
nvd
nvd
CVE-2023-24422
2023-01-26 21:18:16
alpinelinux
alpinelinux
CVE-2023-24422
2023-01-26 21:18:16
cve
cve
CVE-2023-24422
2023-01-26 21:18:16
nessus
nessus
RHEL 8 : jenkins and jenkins-2-plugins (RHSA-2023:3195)
2024-04-28 00:00:00
RHEL 8 : Red Hat Product OCP Tools 4.14 Openshift Jenkins (RHSA-2023:7288)
2024-04-23 00:00:00
RHEL 8 : Red Hat Product OCP Tools 4.13 OpenShift Jenkins (RHSA-2023:6179)
2024-04-28 00:00:00
redhat
redhat
