
CVE-2024-34145

May 2, 2024, 6 p.m.

Product(s) Impacted

Jenkins Script Security Plugin

  • 1335.vf07d9ce377a_e and earlier

Description

A sandbox bypass vulnerability involving sandbox-defined classes that shadow specific non-sandbox-defined classes in Jenkins Script Security Plugin 1335.vf07d9ce377a_e and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.

Date

Published: May 2, 2024, 2:15 p.m.

Last Modified: May 2, 2024, 6 p.m.

Status: Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

Source

jenkinsci-cert@googlegroups.com

References

http://www.openwall.com/ jenkinsci-cert@googlegroups.com

https://www.jenkins.io/ jenkinsci-cert@googlegroups.com