We found results for “”
CVE-2024-34144
Good to know:
Date: May 2, 2024
A sandbox bypass vulnerability involving crafted constructor bodies in Jenkins Script Security Plugin 1335.vf07d9ce377a_e and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.
Language: Java
Severity Score
Related Resources (6)
Severity Score
Weakness Type (CWE)
Protection Mechanism Failure
CWE-693Top Fix
Upgrade Version
Upgrade to version org.jenkins-ci.plugins:script-security:1336.vf33a_a_9863911
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | LOW |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | HIGH |
Availability (A): | HIGH |