HIGH 7.3 Maven
Jenkins Script Security Plugin allows for Bypass of Groovy Sandbox Protection
GHSA-xgjx-96v4-mqxx · CVE-2016-3102
Published · Modified
Description
The Script Security plugin before 1.18.1 in Jenkins might allow remote attackers to bypass a Groovy sandbox protection mechanism via a plugin that performs (1) direct field access or (2) get/set array operations.
References
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2016-3102
- WEB https://github.com/jenkinsci/script-security-plugin/commit/e7d3bc9c1e25caa23cea33381134a4baaedc75b8
- PACKAGE https://github.com/jenkinsci/script-security-plugin
- WEB https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-04-11
Ready to move
Start Securing
Free, no credit card | First findings in minutes