CVE-2024-34144

May 2, 2024, 6 p.m.

Tags

2024-05-02
CVE-2024-34144
jenkinsci-cert@googlegroups.com

Product(s) Impacted

Jenkins Script Security Plugin

  • 1335.vf07d9ce377a_e and earlier

Description

A sandbox bypass vulnerability involving crafted constructor bodies in Jenkins Script Security Plugin 1335.vf07d9ce377a_e and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.

Weaknesses

Date

Published: May 2, 2024, 2:15 p.m.

Last Modified: May 2, 2024, 6 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

jenkinsci-cert@googlegroups.com

References

http://www.openwall.com/lists/oss-security/2024/05/02/3
jenkinsci-cert@googlegroups.com
https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3341
jenkinsci-cert@googlegroups.com