We found results for “”
CVE-2024-34145
Good to know:
Date: May 2, 2024
A sandbox bypass vulnerability involving sandbox-defined classes that shadow specific non-sandbox-defined classes in Jenkins Script Security Plugin 1335.vf07d9ce377a_e and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.
Language: Java
Severity Score
Severity Score
Weakness Type (CWE)
Authentication Bypass by Spoofing
CWE-290Top Fix
Upgrade Version
Upgrade to version org.jenkins-ci.plugins:script-security:1336.vf33a_a_9863911
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | LOW |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | HIGH |
Availability (A): | HIGH |