You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.jenkins-ci.plugins/script-security/1229.v4880b_b_e905a_6/6d8dfb75093b8b8973af431a5fb129a91ce87525/script-security-1229.v4880b_b_e905a_6.jar
A sandbox bypass vulnerability involving crafted constructor bodies in Jenkins Script Security Plugin 1335.vf07d9ce377a_e and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.
mend-for-github-combot
changed the title
CVE-2024-34144 (Medium) detected in script-security-1229.v4880b_b_e905a_6.jar
CVE-2024-34144 (High) detected in script-security-1229.v4880b_b_e905a_6.jar
May 6, 2024
CVE-2024-34144 - High Severity Vulnerability
Vulnerable Library - script-security-1229.v4880b_b_e905a_6.jar
Allows Jenkins administrators to control what in-process scripts can be run by less-privileged users.
Library home page: https://github.com/
Path to dependency file: /build.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.jenkins-ci.plugins/script-security/1229.v4880b_b_e905a_6/6d8dfb75093b8b8973af431a5fb129a91ce87525/script-security-1229.v4880b_b_e905a_6.jar
Dependency Hierarchy:
Found in base branch: main
Vulnerability Details
A sandbox bypass vulnerability involving crafted constructor bodies in Jenkins Script Security Plugin 1335.vf07d9ce377a_e and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.
Publish Date: 2024-05-02
URL: CVE-2024-34144
CVSS 3 Score Details (8.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://www.cve.org/CVERecord?id=CVE-2024-34144
Release Date: 2024-05-02
Fix Resolution: org.jenkins-ci.plugins:script-security:1336.vf33a_a_9863911
The text was updated successfully, but these errors were encountered: