PT-2022-26885 · Jenkins · Jenkins Script Security Plugin

Reported by: Daniel Beck

Published 2022-10-19 · Updated 2023-11-22

CVE-2022-43401

CVSS v3.1: 9.9 Critical
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Jenkins Script Security Plugin versions 1183.v774b_0b_0a_a_451 and earlier

Description
A sandbox bypass issue involving implicit casts by the Groovy language runtime allows attackers with permission to define and run sandboxed scripts to bypass sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. This affects scripts including Pipelines.

Recommendations
For versions 1183.v774b_0b_0a_a_451 and earlier, update to a version that fixes the sandbox bypass vulnerability to prevent attackers from executing arbitrary code in the context of the Jenkins controller JVM. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Protection Mechanism Failure

Related Identifiers

CVE-2022-43401
GHSA-7VR5-72W7-Q6JC
RHSA-2023:0560
RHSA-2023:0777
RHSA-2023:1064
RHSA-2023:3198

Affected Products

Jenkins
Jenkins Script Security Plugin