CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Jenkins: >> Pipeline >> _groovy Security Vulnerabilities

CVE-2017-1000096

Arbitrary code execution due to incomplete sandbox protection: Constructors, instance variable initializers, and instance initializers in Pipeline scripts were not subject to sandbox protection, and could therefore execute arbitrary code. This could be exploited e.g. by regular Jenkins users with the permission to configure Pipelines in Jenkins, or by trusted committers to repositories containing Jenkinsfiles.

CVSS Score

8.8

EPSS Score

0.002

Published

2017-10-05

Page 2

Vulnerabilities

Vulnerable Software

Jenkins: >> Pipeline >> _groovy Security Vulnerabilities

Products

Pricing

Contact Us