CVE Vulnerabilities

CVE-2016-3102

Published: Feb 09, 2017 | Modified: Feb 28, 2017
CVSS 3.x
7.3
HIGH
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

The Script Security plugin before 1.18.1 in Jenkins might allow remote attackers to bypass a Groovy sandbox protection mechanism via a plugin that performs (1) direct field access or (2) get/set array operations.

Affected Software

Name Vendor Start Version End Version
Script_security Jenkins 1.1 1.1
Script_security Jenkins 1.6 1.6
Script_security Jenkins 1.11 1.11
Script_security Jenkins 1.2 1.2
Script_security Jenkins 1.8 1.8
Script_security Jenkins 1.9 1.9
Script_security Jenkins 1.18 1.18
Script_security Jenkins 1.4 1.4
Script_security Jenkins 1.10 1.10
Script_security Jenkins 1.15 1.15
Script_security Jenkins 1.16 1.16
Script_security Jenkins 1.14 1.14
Script_security Jenkins 1.13 1.13
Script_security Jenkins 1.7 1.7
Script_security Jenkins 1.5 1.5
Script_security Jenkins 1.17 1.17
Script_security Jenkins 1.12 1.12
Script_security Jenkins 1.3 1.3
Script_security Jenkins 1.0 1.0

References