Sandbox Bypass Vulnerability in Jenkins Script Security Plugin Allows Arbitrary Code Execution
CVE-2024-34144
9.8CRITICAL
Summary
This vulnerability allows attackers with appropriate permissions to circumvent the sandbox protections within the Jenkins Script Security Plugin. By leveraging crafted constructor bodies, attackers can execute arbitrary code in the context of the Jenkins controller JVM. This poses a significant security risk, as it can lead to unauthorized access and control over Jenkins environments.
Affected Version(s)
Jenkins Script Security Plugin 0 <= 1335.vf07d9ce377a_e
References
CVSS V3.1
Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved