oss-sec mailing list archives
Re: Sandbox bypass in multiple Jenkins plugins
From: Daniel Beck <ml () beckweb net>
Date: Wed, 23 Jan 2019 11:18:20 +0100
On 8. Jan 2019, at 13:46, Daniel Beck <ml () beckweb net> wrote: SECURITY-1266 Script Security sandbox protection could be circumvented during the compilation phase by applying AST transforming annotations such as @Grab to source code elements. Both the pipeline validation REST APIs and actual script/pipeline execution are affected. This allowed users with Overall/Read permission, or able to control Jenkinsfile or sandboxed Pipeline shared library contents in SCM, to bypass the sandbox protection and execute arbitrary code on the Jenkins master.
CVE-2019-1003000 (Script Security Plugin) CVE-2019-1003001 (Pipeline: Groovy Plugin) CVE-2019-1003002 (Pipeline: Declarative Plugin)
Current thread:
- Sandbox bypass in multiple Jenkins plugins Daniel Beck (Jan 08)
- Re: Sandbox bypass in multiple Jenkins plugins Daniel Beck (Jan 23)