Sandbox Bypass Vulnerability in Jenkins Script Security Plugin Allows Arbitrary Code Execution
CVE-2024-34145
What is CVE-2024-34145?
A critical sandbox bypass vulnerability exists in the Jenkins Script Security Plugin that affects versions up to 1335.vf07d9ce377a_e. This vulnerability allows attackers with permissions to define and execute sandboxed scripts—such as Pipelines—to bypass the security measures in place. By exploiting this flaw, attackers can run arbitrary code within the context of the Jenkins controller JVM, thereby compromising the integrity of the Jenkins environment. It is crucial for users of affected versions to apply necessary updates and patches to mitigate risks.

Affected Version(s)
Jenkins Script Security Plugin: 0 <= version <= 1335.vf07d9ce377a_e