| |
Vulnerability CVE-2017-1000107
Published: 2017-10-04 Modified: 2017-10-05
Description: |
Script Security Plugin did not apply sandboxing restrictions to constructor invocations via positional arguments list, super constructor invocations, method references, and type coercion expressions. This could be used to invoke arbitrary constructors and methods, bypassing sandbox protection. |
Type:
CWE-noinfo
CVSS2 => (AV:N/AC:L/Au:S/C:P/I:P/A:P)
CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
6.5/10 |
6.4/10 |
8/10 |
Exploit range |
Attack complexity |
Authentication |
Remote |
Low |
Single time |
Confidentiality impact |
Integrity impact |
Availability impact |
Partial |
Partial |
Partial |
References: |
https://jenkins.io/security/advisory/2017-08-07/
|
|
|
Copyright 2024, cxsecurity.com
|
|
|