CVE-2018-1000866

A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.59 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java, groovy-cps/lib/src/main/java/com/cloudbees/groovy/cps/SandboxCpsTransformer.java that allows attackers with Job/Configure permission, or unauthorized attackers with SCM commit privileges and corresponding pipelines based on Jenkinsfiles set up in Jenkins, to execute arbitrary code on the Jenkins master JVM

Weakness

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Affected Software

Name	Vendor	Start Version	End Version
Pipeline:_groovy	Jenkins	*	2.59 (including)
Red Hat OpenShift Container Platform 3.11	RedHat	atomic-enterprise-service-catalog-1:3.11.82-1.git.1673.133961e.el7	*
Red Hat OpenShift Container Platform 3.11	RedHat	atomic-openshift-0:3.11.82-1.git.0.08bc31b.el7	*
Red Hat OpenShift Container Platform 3.11	RedHat	atomic-openshift-cluster-autoscaler-0:3.11.82-1.git.0.efb6af0.el7	*
Red Hat OpenShift Container Platform 3.11	RedHat	atomic-openshift-descheduler-0:3.11.82-1.git.300.89765c9.el7	*
Red Hat OpenShift Container Platform 3.11	RedHat	atomic-openshift-dockerregistry-0:3.11.82-1.git.452.0ce6383.el7	*
Red Hat OpenShift Container Platform 3.11	RedHat	atomic-openshift-metrics-server-0:3.11.82-1.git.52.2fdca3f.el7	*
Red Hat OpenShift Container Platform 3.11	RedHat	atomic-openshift-node-problem-detector-0:3.11.82-1.git.254.a448936.el7	*
Red Hat OpenShift Container Platform 3.11	RedHat	atomic-openshift-service-idler-0:3.11.82-1.git.14.e353758.el7	*
Red Hat OpenShift Container Platform 3.11	RedHat	atomic-openshift-web-console-0:3.11.82-1.git.355.5e8b1d9.el7	*
Red Hat OpenShift Container Platform 3.11	RedHat	golang-github-openshift-oauth-proxy-0:3.11.82-1.git.425.7cac034.el7	*
Red Hat OpenShift Container Platform 3.11	RedHat	golang-github-prometheus-alertmanager-0:3.11.82-1.git.0.3bf41ce.el7	*
Red Hat OpenShift Container Platform 3.11	RedHat	golang-github-prometheus-node_exporter-0:3.11.82-1.git.1063.48444e8.el7	*
Red Hat OpenShift Container Platform 3.11	RedHat	golang-github-prometheus-prometheus-0:3.11.82-1.git.5027.9d24833.el7	*
Red Hat OpenShift Container Platform 3.11	RedHat	haproxy-0:1.8.17-3.el7	*
Red Hat OpenShift Container Platform 3.11	RedHat	jenkins-0:2.150.2.1549032159-1.el7	*
Red Hat OpenShift Container Platform 3.11	RedHat	jenkins-2-plugins-0:3.11.1549642489-1.el7	*
Red Hat OpenShift Container Platform 3.11	RedHat	openshift-ansible-0:3.11.82-3.git.0.9718d0a.el7	*
Red Hat OpenShift Container Platform 3.11	RedHat	openshift-enterprise-autoheal-0:3.11.82-1.git.219.0b5aff4.el7	*
Red Hat OpenShift Container Platform 3.11	RedHat	openshift-enterprise-cluster-capacity-0:3.11.82-1.git.380.cf11c51.el7	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-1000866
CWE	https://cwe.mitre.org/data/definitions/269.html

Improper Privilege Management

Weakness

Affected Software

Potential Mitigations

References

CVE-2018-1000866

Improper Privilege Management

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References