CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-43406

A sandbox bypass vulnerability in Jenkins Pipeline: Deprecated Groovy Libraries Plugin 583.vf3b_454e43966 and earlier allows attackers with permission to define untrusted Pipeline libraries and to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 30.4%

CVSS Severity

CVSS v3 Score 9.9

References

http://www.openwall.com/lists/oss-security/2022/10/19/3
https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20%282%29
http://www.openwall.com/lists/oss-security/2022/10/19/3
https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20%282%29

Products affected by CVE-2022-43406

Jenkins » Groovy Libraries » Version: Any

cpe:2.3:a:jenkins:groovy_libraries:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-43406

Products

Pricing

Contact Us