Sandbox Bypass Vulnerability in Jenkins Script Security Plugin
CVE-2023-24422

8.8HIGH

Key Information:

Vendor: Jenkins
Status: Jenkins Script Security Plugin
Vendor: CVE Published:; 26 January 2023

What is CVE-2023-24422?

A significant vulnerability affects the Jenkins Script Security Plugin, enabling attackers with the right permissions to circumvent sandbox limitations. Through the manipulation of map constructors, they can execute arbitrary code within the Jenkins controller JVM. This presents a serious threat to the integrity and security of the Jenkins installation, potentially compromising sensitive data and workflows. It is essential for users to implement available safeguards and updates to protect against this exploit.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Jenkins Script Security Plugin <= 1228.vd93135a_2fb_25

Jenkins Script Security Plugin 1175.1180.v36a_3fb_2dec9c

References

https://www.jenkins.io/security/advisory/2023-01-24/#SECU...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jan 26, 2023
Vulnerability Reserved
Jan 23, 2023

JSON

Jenkins

What is CVE-2023-24422?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.