CVE Vulnerabilities

CVE-2018-1000866

Improper Privilege Management

Published: Dec 10, 2018 | Modified: Nov 21, 2024
CVSS 3.x
8.8
HIGH
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
6.5 MEDIUM
AV:N/AC:L/Au:S/C:P/I:P/A:P
RedHat/V2
RedHat/V3
8.8 IMPORTANT
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Ubuntu

A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.59 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java, groovy-cps/lib/src/main/java/com/cloudbees/groovy/cps/SandboxCpsTransformer.java that allows attackers with Job/Configure permission, or unauthorized attackers with SCM commit privileges and corresponding pipelines based on Jenkinsfiles set up in Jenkins, to execute arbitrary code on the Jenkins master JVM

Weakness

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Affected Software

Name Vendor Start Version End Version
Pipeline:_groovy Jenkins * 2.59 (including)
Red Hat OpenShift Container Platform 3.11 RedHat atomic-enterprise-service-catalog-1:3.11.82-1.git.1673.133961e.el7 *
Red Hat OpenShift Container Platform 3.11 RedHat atomic-openshift-0:3.11.82-1.git.0.08bc31b.el7 *
Red Hat OpenShift Container Platform 3.11 RedHat atomic-openshift-cluster-autoscaler-0:3.11.82-1.git.0.efb6af0.el7 *
Red Hat OpenShift Container Platform 3.11 RedHat atomic-openshift-descheduler-0:3.11.82-1.git.300.89765c9.el7 *
Red Hat OpenShift Container Platform 3.11 RedHat atomic-openshift-dockerregistry-0:3.11.82-1.git.452.0ce6383.el7 *
Red Hat OpenShift Container Platform 3.11 RedHat atomic-openshift-metrics-server-0:3.11.82-1.git.52.2fdca3f.el7 *
Red Hat OpenShift Container Platform 3.11 RedHat atomic-openshift-node-problem-detector-0:3.11.82-1.git.254.a448936.el7 *
Red Hat OpenShift Container Platform 3.11 RedHat atomic-openshift-service-idler-0:3.11.82-1.git.14.e353758.el7 *
Red Hat OpenShift Container Platform 3.11 RedHat atomic-openshift-web-console-0:3.11.82-1.git.355.5e8b1d9.el7 *
Red Hat OpenShift Container Platform 3.11 RedHat golang-github-openshift-oauth-proxy-0:3.11.82-1.git.425.7cac034.el7 *
Red Hat OpenShift Container Platform 3.11 RedHat golang-github-prometheus-alertmanager-0:3.11.82-1.git.0.3bf41ce.el7 *
Red Hat OpenShift Container Platform 3.11 RedHat golang-github-prometheus-node_exporter-0:3.11.82-1.git.1063.48444e8.el7 *
Red Hat OpenShift Container Platform 3.11 RedHat golang-github-prometheus-prometheus-0:3.11.82-1.git.5027.9d24833.el7 *
Red Hat OpenShift Container Platform 3.11 RedHat haproxy-0:1.8.17-3.el7 *
Red Hat OpenShift Container Platform 3.11 RedHat jenkins-0:2.150.2.1549032159-1.el7 *
Red Hat OpenShift Container Platform 3.11 RedHat jenkins-2-plugins-0:3.11.1549642489-1.el7 *
Red Hat OpenShift Container Platform 3.11 RedHat openshift-ansible-0:3.11.82-3.git.0.9718d0a.el7 *
Red Hat OpenShift Container Platform 3.11 RedHat openshift-enterprise-autoheal-0:3.11.82-1.git.219.0b5aff4.el7 *
Red Hat OpenShift Container Platform 3.11 RedHat openshift-enterprise-cluster-capacity-0:3.11.82-1.git.380.cf11c51.el7 *

Potential Mitigations

References