CVE-2017-1000107

Script Security Plugin did not apply sandboxing restrictions to constructor invocations via positional arguments list, super constructor invocations, method references, and type coercion expressions. This could be used to invoke arbitrary constructors and methods, bypassing sandbox protection.
References
Link Resource
https://jenkins.io/security/advisory/2017-08-07/ Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:jenkins:script_security:1.30:*:*:*:*:jenkins:*:*

History

No history.

Information

Published : 2017-10-05 01:29

Updated : 2024-02-28 16:04


NVD link : CVE-2017-1000107

Mitre link : CVE-2017-1000107

CVE.ORG link : CVE-2017-1000107


JSON object : View

Products Affected

jenkins

  • script_security