The Script Security plugin before 1.18.1 in Jenkins might allow remote attackers to bypass a Groovy sandbox protection mechanism via a plugin that performs (1) direct field access or (2) get/set array operations.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Script_security | Jenkins | 1.1 | 1.1 |
Script_security | Jenkins | 1.6 | 1.6 |
Script_security | Jenkins | 1.11 | 1.11 |
Script_security | Jenkins | 1.2 | 1.2 |
Script_security | Jenkins | 1.8 | 1.8 |
Script_security | Jenkins | 1.9 | 1.9 |
Script_security | Jenkins | 1.18 | 1.18 |
Script_security | Jenkins | 1.4 | 1.4 |
Script_security | Jenkins | 1.10 | 1.10 |
Script_security | Jenkins | 1.15 | 1.15 |
Script_security | Jenkins | 1.16 | 1.16 |
Script_security | Jenkins | 1.14 | 1.14 |
Script_security | Jenkins | 1.13 | 1.13 |
Script_security | Jenkins | 1.7 | 1.7 |
Script_security | Jenkins | 1.5 | 1.5 |
Script_security | Jenkins | 1.17 | 1.17 |
Script_security | Jenkins | 1.12 | 1.12 |
Script_security | Jenkins | 1.3 | 1.3 |
Script_security | Jenkins | 1.0 | 1.0 |