QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2022-43405

Back to search

CVE-2022-43405

Published: Oct 19, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Libraries Plugin 612.v84da_9c54906d and earlier allows attackers with permission to define untrusted Pipeline libraries and to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.

VendorProductVersions

Jenkins project

Jenkins Pipeline: Groovy Libraries Plugin

unaffected
593.595.vfc6485d13dcd
affected
unspecified - <= 612.v84da_9c54906d

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now