Lucene search
Veracode Vulnerability DatabaseVERACODE:37623HistoryOct 20, 2022 - 12:57 p.m.
Sandbox Bypass
2022-10-2012:57:21
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
20
jenkins
script security
sandbox bypass
vulnerability
array casting
attacker
sandbox restrictions
arbitrary code
0.003 Low
EPSS
Percentile
70.4%
Jenkins Script Security Plugin is vulnerable to Sandbox Bypass. The vulnerability exists during the casting of array-like values to array types that intercepts per-element casts which allows an attacker to bypass sandbox restrictions and execute arbitrary codes.
References
www.openwall.com/lists/oss-security/2022/10/19/3
github.com/jenkinsci/script-security-plugin/commit/85d16bd851b355458f6396dbc4f92c3e0eebcd72
www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20%281%29
www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20(1)
www.secpod.com/blog/oracle-releases-critical-security-updates-january-2023-patch-now/
Related
nvd
nvd
CVE-2022-43403
2022-10-19 16:15:10
alpinelinux
alpinelinux
CVE-2022-43403
2022-10-19 16:15:10
osv
osv
Jenkins Script Security Plugin sandbox bypass vulnerability
2022-10-19 19:00:21
CVE-2022-43403
2022-10-19 16:15:10
redhatcve
redhatcve
CVE-2022-43403
2022-10-20 06:47:29
github
github
cve
cve
CVE-2022-43403
2022-10-19 16:15:10
prion
prion
Security feature bypass
2022-10-19 16:15:00
cvelist
cvelist
CVE-2022-43403
2022-10-19 00:00:00
qualysblog
qualysblog
The January 2023 Oracle Critical Patch Update
2023-01-18 00:43:03
redhat
redhat
nessus
nessus
RHEL 8 : jenkins and jenkins-2-plugins (RHSA-2023:3198)
2024-04-28 00:00:00
RHEL 8 : OpenShift Container Platform 4.10.51 (RHSA-2023:0560)
2024-04-28 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - January 2023
2023-01-17 00:00:00