Sandbox Bypass Vulnerability in Jenkins Script Security Plugin
CVE-2022-43403

9.9CRITICAL

Key Information:

Vendor

Jenkins
Status
Jenkins Script Security Plugin
Vendor
CVE Published:
19 October 2022

What is CVE-2022-43403?

A vulnerability exists in the Jenkins Script Security Plugin that allows attackers with sufficient permissions to exploit a flaw in the sandbox mechanism. By casting an array-like value to an array type, an attacker can bypass the sandbox security and execute arbitrary code within the Jenkins controller's Java Virtual Machine (JVM). This poses significant security risks for environments relying on Jenkins for CI/CD operations, potentially leading to unauthorized access and control over the system.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Jenkins Script Security Plugin <= 1183.v774b_0b_0a_a_451

Jenkins Script Security Plugin 1175.1177.vda_175b_77d144

References

https://www.jenkins.io/security/advisory/2022-10-19/#SECU...
http://www.openwall.com/lists/oss-security/2022/10/19/3
mailing-list
https://www.secpod.com/blog/oracle-releases-critical-secu...

CVSS V3.1

Score:
9.9
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.