CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-43405

A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Libraries Plugin 612.v84da_9c54906d and earlier allows attackers with permission to define untrusted Pipeline libraries and to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 35.7%

CVSS Severity

CVSS v3 Score 9.9

References

http://www.openwall.com/lists/oss-security/2022/10/19/3
https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20%282%29
http://www.openwall.com/lists/oss-security/2022/10/19/3
https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20%282%29

Products affected by CVE-2022-43405

Jenkins » Groovy Libraries » Version: Any

cpe:2.3:a:jenkins:groovy_libraries:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-43405

Products

Pricing

Contact Us