Vulnerability CVE-2017-1000107
Published: 2017-10-04   Modified: 2017-10-05

Description:
Script Security Plugin did not apply sandboxing restrictions to constructor invocations via positional arguments list, super constructor invocations, method references, and type coercion expressions. This could be used to invoke arbitrary constructors and methods, bypassing sandbox protection.

Type:

CWE-noinfo

CVSS2 => (AV:N/AC:L/Au:S/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.5/10
6.4/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Jenkins -> Script security 

 References:
https://jenkins.io/security/advisory/2017-08-07/
Copyright 2024, cxsecurity.com

 

Back to Top