oss-sec mailing list archives

Re: Sandbox bypass in multiple Jenkins plugins


From: Daniel Beck <ml () beckweb net>
Date: Wed, 23 Jan 2019 11:18:20 +0100



On 8. Jan 2019, at 13:46, Daniel Beck <ml () beckweb net> wrote:

SECURITY-1266
Script Security sandbox protection could be circumvented during the 
compilation phase by applying AST transforming annotations such as @Grab
to source code elements.

Both the pipeline validation REST APIs and actual script/pipeline 
execution are affected.

This allowed users with Overall/Read permission, or able to control 
Jenkinsfile or sandboxed Pipeline shared library contents in SCM, to 
bypass the sandbox protection and execute arbitrary code on the Jenkins 
master.

CVE-2019-1003000 (Script Security Plugin)
CVE-2019-1003001 (Pipeline: Groovy Plugin)
CVE-2019-1003002 (Pipeline: Declarative Plugin)
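
A review-time check for the SCM-controlled inputs named in the advisory (Jenkinsfile and shared library sources), added here as an example; it is not part of the original message or of any Jenkins plugin. Only @Grab is named in the advisory; the other annotations in the list, the function name and the sample input are assumptions, and Groovy slashy strings are not parsed.

```python
import re

# @Grab is the annotation named in the advisory; the other entries are standard
# Groovy compile-time annotations, listed here as an assumption.
COMPILE_TIME_ANNOTATIONS = {
    "Grab", "Grapes", "GrabConfig", "GrabExclude", "GrabResolver",
    "ASTTest", "AnnotationCollector",
}

# Comments and string literals are matched first so that annotations
# mentioned inside them are skipped rather than reported.
TOKEN = re.compile(
    r'''
      (?P<skip>
          /\*.*?\*/                 # block comment
        | //[^\n]*                  # line comment
        | '{3}.*?'{3}               # triple single-quoted string
        | "{3}.*?"{3}               # triple double-quoted string
        | '(?:\\.|[^'\\\n])*'       # single-quoted string
        | "(?:\\.|[^"\\\n])*"       # double-quoted string
      )
    | @(?P<name>[A-Za-z_][\w.]*)    # annotation, possibly fully qualified
    ''',
    re.DOTALL | re.VERBOSE,
)

def find_compile_time_annotations(source):
    """Return [(line, annotation)] for flagged annotations in Groovy source."""
    hits = []
    for m in TOKEN.finditer(source):
        short = (m.group("name") or "").rsplit(".", 1)[-1]
        if short in COMPILE_TIME_ANNOTATIONS:
            hits.append((source.count("\n", 0, m.start()) + 1, short))
    return hits

# Constructed sample input with placeholder coordinates.
SAMPLE = '''\
// @Grab mentioned in a comment is ignored
@Grab('org.example:placeholder:1.0')
def note = "@ASTTest inside a string is ignored"
@groovy.transform.ASTTest(value = { })
def x = 1
pipeline { agent any }
'''

if __name__ == "__main__":
    print(find_compile_time_annotations(SAMPLE))
```

A hit is a prompt for manual review of the change, not proof of abuse; updating the three affected plugins remains the actual fix.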

