Back

CVE-2024-34145

May 2, 2024, 6 p.m.

Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.

Products

Jenkins Script Security Plugin

  • 1335.vf07d9ce377a_e and earlier

Source

jenkinsci-cert@googlegroups.com

Tags

2024-05-02
jenkinsci-cert@googlegroups.com
CVE-2024-34145

CVE-2024-34145 details

Published : May 2, 2024, 2:15 p.m.
Last Modified : May 2, 2024, 6 p.m.

Description

A sandbox bypass vulnerability involving sandbox-defined classes that shadow specific non-sandbox-defined classes in Jenkins Script Security Plugin 1335.vf07d9ce377a_e and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.

CVSS Score

1 2 3 4 5 6 7 8 9 10

Weakness

Weakness Name Description

References

URL Source
http://www.openwall.com/lists/oss-security/2024/05/02/3 jenkinsci-cert@googlegroups.com
https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3341 jenkinsci-cert@googlegroups.com
This website uses the NVD API, but is not approved or certified by it.