CVE-2018-1000866

Aliases:GHSA-gqhm-4h93-rrhg
Advisory lineage Upstream: 0 Downstream: 1
Downstream
RHBA-2019:0326
Modified
Published: 10 Dec 2018, 14:00
Last modified:05 Aug 2024, 12:47

Vulnerability Summary

Overall Risk (default)
medium
35/100
CVSS Score
8.8 HIGH
v3.0 (nvd)
EPSS Score
0.61% LOW
1% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

10 Dec 2018, 14:00
Published
Vulnerability first disclosed
05 Aug 2024, 12:47
Last Modified
Vulnerability information updated

Description

A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.59 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java, groovy-cps/lib/src/main/java/com/cloudbees/groovy/cps/SandboxCpsTransformer.java that allows attackers with Job/Configure permission, or unauthorized attackers with SCM commit privileges and corresponding pipelines based on Jenkinsfiles set up in Jenkins, to execute arbitrary code on the Jenkins master JVM

CVSS Metrics

  • v3.0HIGHScore: 8.8CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • v2.0MEDIUMScore: 6.5AV:N/AC:L/Au:S/C:P/I:P/A:P

EPSS Trends

Current EPSS score: 0.61% Percentile: 70%

Techniques & Countermeasures

  • CWE-269Improper Privilege Management

    The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Affected Systems

  • org.jenkins-ci.pluginsscript-security

    < 1.48

  • org.jenkins-ci.plugins.workflowworkflow-cps

    < 2.60

  • redhatopenshift_container_platform

    3.11

References (7)