CVE-2017-2650

Jenkins Pipeline Classpath Step plugin allowed Script Security sandbox bypass in maven/cprice404/pipeline-classpath

Identifiers

GHSA-r5c7-qcc9-5v7m, CVE-2017-2650

Package Slug

maven/cprice404/pipeline-classpath

Vulnerability

Jenkins Pipeline Classpath Step plugin allowed Script Security sandbox bypass

Description

It was found that the use of Pipeline: Classpath Step Jenkins plugin enables a bypass of the Script Security sandbox for users with SCM commit access, as well as users with e.g. Job/Configure permission in Jenkins.

Affected Versions

Version 0.1.0

Solution

Unfortunately, there is no solution available yet.

Last Modified

2024-01-31

source