CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-1000505

In Jenkins Script Security Plugin version 1.36 and earlier, users with the ability to configure sandboxed Groovy scripts are able to use a type coercion feature in Groovy to create new `File` objects from strings. This allowed reading arbitrary files on the Jenkins master file system. Such a type coercion is now subject to sandbox protection and considered to be a call to the `new File(String)` constructor for the purpose of in-process script approval.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 55.5%

CVSS Severity

CVSS v3 Score 6.5

CVSS v2 Score 4.0

References

Products affected by CVE-2017-1000505

Jenkins » Script Security » Version: 1.0

cpe:2.3:a:jenkins:script_security:1.0
Jenkins » Script Security » Version: 1.1

cpe:2.3:a:jenkins:script_security:1.1
Jenkins » Script Security » Version: 1.10

cpe:2.3:a:jenkins:script_security:1.10
Jenkins » Script Security » Version: 1.11

cpe:2.3:a:jenkins:script_security:1.11
Jenkins » Script Security » Version: 1.12

cpe:2.3:a:jenkins:script_security:1.12
Jenkins » Script Security » Version: 1.13

cpe:2.3:a:jenkins:script_security:1.13
Jenkins » Script Security » Version: 1.14

cpe:2.3:a:jenkins:script_security:1.14
Jenkins » Script Security » Version: 1.15

cpe:2.3:a:jenkins:script_security:1.15
Jenkins » Script Security » Version: 1.16

cpe:2.3:a:jenkins:script_security:1.16
Jenkins » Script Security » Version: 1.17

cpe:2.3:a:jenkins:script_security:1.17
Jenkins » Script Security » Version: 1.18

cpe:2.3:a:jenkins:script_security:1.18
Jenkins » Script Security » Version: 1.18.1

cpe:2.3:a:jenkins:script_security:1.18.1
Jenkins » Script Security » Version: 1.19

cpe:2.3:a:jenkins:script_security:1.19
Jenkins » Script Security » Version: 1.2

cpe:2.3:a:jenkins:script_security:1.2
Jenkins » Script Security » Version: 1.20

cpe:2.3:a:jenkins:script_security:1.20
Jenkins » Script Security » Version: 1.21

cpe:2.3:a:jenkins:script_security:1.21
Jenkins » Script Security » Version: 1.22

cpe:2.3:a:jenkins:script_security:1.22
Jenkins » Script Security » Version: 1.23

cpe:2.3:a:jenkins:script_security:1.23
Jenkins » Script Security » Version: 1.24

cpe:2.3:a:jenkins:script_security:1.24
Jenkins » Script Security » Version: 1.25

cpe:2.3:a:jenkins:script_security:1.25
Jenkins » Script Security » Version: 1.26

cpe:2.3:a:jenkins:script_security:1.26
Jenkins » Script Security » Version: 1.27

cpe:2.3:a:jenkins:script_security:1.27
Jenkins » Script Security » Version: 1.28

cpe:2.3:a:jenkins:script_security:1.28
Jenkins » Script Security » Version: 1.29

cpe:2.3:a:jenkins:script_security:1.29
Jenkins » Script Security » Version: 1.29.1

cpe:2.3:a:jenkins:script_security:1.29.1
Jenkins » Script Security » Version: 1.3

cpe:2.3:a:jenkins:script_security:1.3
Jenkins » Script Security » Version: 1.30

cpe:2.3:a:jenkins:script_security:1.30
Jenkins » Script Security » Version: 1.31

cpe:2.3:a:jenkins:script_security:1.31
Jenkins » Script Security » Version: 1.32

cpe:2.3:a:jenkins:script_security:1.32
Jenkins » Script Security » Version: 1.33

cpe:2.3:a:jenkins:script_security:1.33
Jenkins » Script Security » Version: 1.34

cpe:2.3:a:jenkins:script_security:1.34
Jenkins » Script Security » Version: 1.35

cpe:2.3:a:jenkins:script_security:1.35
Jenkins » Script Security » Version: 1.36

cpe:2.3:a:jenkins:script_security:1.36
Jenkins » Script Security » Version: 1.4

cpe:2.3:a:jenkins:script_security:1.4
Jenkins » Script Security » Version: 1.5

cpe:2.3:a:jenkins:script_security:1.5
Jenkins » Script Security » Version: 1.6

cpe:2.3:a:jenkins:script_security:1.6
Jenkins » Script Security » Version: 1.7

cpe:2.3:a:jenkins:script_security:1.7
Jenkins » Script Security » Version: 1.8

cpe:2.3:a:jenkins:script_security:1.8
Jenkins » Script Security » Version: 1.9

cpe:2.3:a:jenkins:script_security:1.9

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-1000505

Products

Pricing

Contact Us