CVE-2017-1000107

CVSS v3.0 8.8 (High)

CVSS v2.0 6.5 (Medium)

EPSS 0.10 % (43^th)

Affected Products 1

Advisories 1

Script Security Plugin did not apply sandboxing restrictions to constructor invocations via positional arguments list, super constructor invocations, method references, and type coercion expressions. This could be used to invoke arbitrary constructors and methods, bypassing sandbox protection.

Weaknesses

CWE-NVD-noinfo

CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2017-10-05 01:29:04
(7 years ago)
Updated Date: 2019-10-03 00:03:26
(5 years ago)

Affected Products

Jenkins

Script Security

Configuration #1

		CPE23	From	Up To
	Jenkins Script Security 1.30 for Jenkins	cpe:2.3:a:jenkins:script_security:1.30:::::jenkins