CVE-2022-43406
Summary
| CVE | CVE-2022-43406 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-10-19 16:15:00 UTC |
| Updated | 2023-11-22 21:15:00 UTC |
| Description | A sandbox bypass vulnerability in Jenkins Pipeline: Deprecated Groovy Libraries Plugin 583.vf3b_454e43966 and earlier allows attackers with permission to define untrusted Pipeline libraries and to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Jenkins | Groovy Libraries | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Jenkins Security Advisory 2022-10-19 | CONFIRM | www.jenkins.io | |
| oss-security - Multiple vulnerabilities in Jenkins plugins | MLIST | www.openwall.com | |
| Jenkins Security Advisory 2022-10-19 | MISC | www.jenkins.io | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 241180 Red Hat OpenShift Container Platform 4.10 Security Update (RHSA-2023:0560)
- 241214 Red Hat OpenShift Container Platform 4.9 Security Update (RHSA-2023:0777)
- 770173 Red Hat OpenShift Container Platform 4.10 Security Update (RHSA-2023:0560)
- 770178 Red Hat OpenShift Container Platform 4.9. Security Update (RHSA-2023:0777)