PT-2022-26888 · Jenkins · Jenkins Script Security Plugin+1
Daniel Beck +1 · Published 2022-10-19 · Updated 2023-11-22 · CVE-2022-43404
CVSS v3.1: 9.9 (Critical)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Jenkins Script Security Plugin versions 1183.v774b_0b_0a_a_451 and earlier
Description
A sandbox bypass issue exists, involving crafted constructor bodies and calls to sandbox-generated synthetic constructors, which allows attackers with permission to define and run sandboxed scripts to bypass sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.
Recommendations
For versions 1183.v774b_0b_0a_a_451 and earlier, update to a version that contains a fix for this issue to prevent sandbox bypass and arbitrary code execution.
Fix
Protection Mechanism Failure
Weakness Enumeration
Related Identifiers
Affected Products
Jenkins
Jenkins Script Security Plugin