Home > Vulnerability Database > CVE-2024-34145

Mend.io Vulnerability Database

CVE-2024-34145

Good to know:

Date: May 2, 2024

A sandbox bypass vulnerability involving sandbox-defined classes that shadow specific non-sandbox-defined classes in Jenkins Script Security Plugin 1335.vf07d9ce377a_e and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.

Language: Java

Severity Score

8.8

Related Resources (4)

Url: http://www.openwall.com/lists/oss-security/2024/05/02/3

Url: https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3341

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-34145

Url: https://www.mend.io/vulnerability-database/CVE-2024-34145

Severity Score

8.8

Weakness Type (CWE)

Authentication Bypass by Spoofing

CWE-290

Top Fix

Upgrade Version

Upgrade to version org.jenkins-ci.plugins:script-security:1336.vf33a_a_9863911

Learn More

CVSS v3.1

Base Score:	8.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-34145

Good to know:

Date: May 2, 2024

Language: Java

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?