Lucene search
GoogleOSV:GHSA-FM3J-R98G-97JHHistoryMay 13, 2022 - 1:15 a.m.
Jenkins Groovy Plugin sandbox bypass vulnerability
2022-05-1301:15:06
Google
osv.dev
7
jenkins
groovy
plugin
sandbox
bypass
vulnerability
pom.xml
script security apis
arbitrary code
jenkins master jvm
EPSS
0.001
Percentile
47.5%
A sandbox bypass vulnerability exists in Jenkins Groovy Plugin 2.1 and earlier in pom.xml, src/main/java/hudson/plugins/groovy/StringScriptSource.java that allows attackers with Overall/Read permission to execute arbitrary code on the Jenkins master JVM. Groovy Plugin 2.2 uses Script Security APIs that apply sandbox protection during these phases.
Related
nvd
nvd
CVE-2019-1003033
2019-03-08 21:29:00
prion
prion
Security feature bypass
2019-03-08 21:29:00
cvelist
cvelist
CVE-2019-1003033
2019-03-08 21:00:00
cve
cve
CVE-2019-1003033
2019-03-08 21:29:00
osv
osv
CVE-2019-1003033
2019-03-08 21:29:00
github
github
Jenkins Groovy Plugin sandbox bypass vulnerability
2022-05-13 01:15:06