CVE-2017-1000095

Name of the Vulnerable Software and Affected Versions No specific software or versions are mentioned in the provided description.

Description The issue concerns the default whitelist in a script sandbox, which includes unsafe entries such as DefaultGroovyMethods.putAt(Object, String, Object) and DefaultGroovyMethods.getAt(Object, String). These entries allow for circumventing access restrictions by using alternative methods to access properties, for example, currentBuild['rawBuild'] instead of currentBuild.rawBuild. Furthermore, certain entries like groovy.json.JsonOutput.toJson(Closure) and groovy.json.JsonOutput.toJson(Object) enable access to private data that would otherwise be restricted due to script security.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.