[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] Sandbox bypass in multiple Jenkins plugins
From:       Daniel Beck <ml () beckweb ! net>
Date:       2019-01-23 10:18:20
Message-ID: 76DD3118-C738-425E-B96F-85EFF8BB1D62 () beckweb ! net
[Download RAW message or body]



> On 8. Jan 2019, at 13:46, Daniel Beck <ml@beckweb.net> wrote:
> 
> SECURITY-1266
> Script Security sandbox protection could be circumvented during the 
> compilation phase by applying AST transforming annotations such as @Grab
> to source code elements.
> 
> Both the pipeline validation REST APIs and actual script/pipeline 
> execution are affected.
> 
> This allowed users with Overall/Read permission, or able to control 
> Jenkinsfile or sandboxed Pipeline shared library contents in SCM, to 
> bypass the sandbox protection and execute arbitrary code on the Jenkins 
> master.

CVE-2019-1003000 (Script Security Plugin)
CVE-2019-1003001 (Pipeline: Groovy Plugin)
CVE-2019-1003002 (Pipeline: Declarative Plugin)

[prev in list] [next in list] [prev in thread] [next in thread]