CVE-2018-1000058

Name of the Vulnerable Software and Affected Versions: Jenkins Pipeline: Supporting APIs Plugin versions 2.17 and earlier

Description: The issue is related to incomplete sandbox protection, allowing arbitrary code execution. Methods like readResolve implemented in Pipeline scripts, related to Java deserialization, were not subject to sandbox protection and could execute arbitrary code. This could be exploited by regular Jenkins users with the permission to configure Pipelines in Jenkins, or by trusted committers to repositories containing Jenkinsfiles.

Recommendations: For Jenkins Pipeline: Supporting APIs Plugin versions 2.17 and earlier, update to a version later than 2.17 to resolve the issue. As a temporary workaround, consider restricting the permission to configure Pipelines in Jenkins to minimize the risk of exploitation.