CVE-2017-1000096

Name of the Vulnerable Software and Affected Versions Jenkins (affected versions not specified)

Description The issue allows for arbitrary code execution due to incomplete sandbox protection in Pipeline scripts. Specifically, constructors, instance variable initializers, and instance initializers were not subject to sandbox protection, enabling the execution of arbitrary code. This could be exploited by regular Jenkins users with the permission to configure Pipelines in Jenkins, or by trusted committers to repositories containing Jenkinsfiles.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.