[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2023-24422":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":40,"aliases":41,"duplicate_of":9,"upstream":43,"downstream":44,"duplicates":71,"related":72,"reserved_at":9,"published_at":73,"modified_at":74,"state":75,"summary":76,"references_raw":85,"kevs":108,"epss":109,"epss_history":112,"metrics":372,"affected":382},"CVE-2023-24422","A sandbox bypass vulnerability involving map constructors in Jenkins Script Security Plugin 1228.vd93135a_2fb_25 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-78","Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')","The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.","weakness","Stable","Base","High",[20,24,28,32,36],{"id":21,"name":22,"techniques":23},"CAPEC-108","Command Line Execution through SQL Injection",[],{"id":25,"name":26,"techniques":27},"CAPEC-15","Command Delimiters",[],{"id":29,"name":30,"techniques":31},"CAPEC-43","Exploiting Multiple Input Interpretation Layers",[],{"id":33,"name":34,"techniques":35},"CAPEC-6","Argument Injection",[],{"id":37,"name":38,"techniques":39},"CAPEC-88","OS Command Injection",[],[],[42],"GHSA-76qj-9gwh-pvv3",[],[45,47,49,51,53,55,57,59,61,63,65,67,69],{"_key":46},"RHSA-2023:1655",{"_key":48},"RHSA-2023:3195",{"_key":50},"RHSA-2024:0775",{"_key":52},"RHSA-2023:3198",{"_key":54},"RHSA-2024:0776",{"_key":56},"RHSA-2023:3299",{"_key":58},"RHSA-2023:3610",{"_key":60},"RHSA-2024:0778",{"_key":62},"RHSA-2023:6171",{"_key":64},"RHSA-2023:6172",{"_key":66},"RHSA-2023:6179",{"_key":68},"RHSA-2023:7288",{"_key":70},"RHSA-2024:0777",[],[],"2023-01-24T00:00:00.000Z","2025-04-02T14:30:51.711Z","Modified",{"cisa_kev":77,"cisa_ransomware":77,"cisa_vendor":9,"epss_severity":78,"epss_score":79,"severity":80,"severity_score":81,"severity_version":82,"severity_source":83,"severity_vector":84,"severity_status":75},false,"low",0.00039,"high",8.8,"v3.1","cve.org","CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",[86,94,99,103],{"url":87,"sources":88,"tags":91},"https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-3016",[83,89,90],"nvd","osv_maven",[92,93],"Vendor Advisory","WEB",{"url":95,"sources":96,"tags":97},"https://nvd.nist.gov/vuln/detail/CVE-2023-24422",[90],[98],"Advisory",{"url":100,"sources":101,"tags":102},"https://github.com/jenkinsci/script-security-plugin/commit/4880bbe905a6783d80150c8b881d0127430d4a73",[90],[93],{"url":104,"sources":105,"tags":106},"https://github.com/jenkinsci/script-security-plugin",[90],[107],"PACKAGE",[],{"date":110,"score":79,"percentile":111},"2026-06-04",0.11942,[113,117,120,123,126,129,131,134,137,140,143,146,149,152,155,159,162,166,169,172,175,178,181,184,187,190,193,196,199,202,205,207,210,212,214,217,220,223,226,229,232,234,237,240,242,245,247,249,252,255,257,260,263,265,267,270,273,276,279,282,285,287,289,291,293,295,299,302,305,308,311,314,317,320,323,327,330,333,336,339,342,344,347,350,354,357,360,363,366,369],{"date":114,"score":115,"percentile":116},"2025-11-04",0.00014,0.0181,{"date":118,"score":115,"percentile":119},"2025-11-05",0.01835,{"date":121,"score":115,"percentile":122},"2025-11-06",0.01854,{"date":124,"score":115,"percentile":125},"2025-11-07",0.01861,{"date":127,"score":115,"percentile":128},"2025-11-08",0.01863,{"date":130,"score":115,"percentile":128},"2025-11-09",{"date":132,"score":115,"percentile":133},"2025-11-10",0.01847,{"date":135,"score":115,"percentile":136},"2025-11-11",0.01857,{"date":138,"score":115,"percentile":139},"2025-11-12",0.01869,{"date":141,"score":115,"percentile":142},"2025-11-13",0.01886,{"date":144,"score":115,"percentile":145},"2025-11-14",0.01888,{"date":147,"score":115,"percentile":148},"2025-11-15",0.01907,{"date":150,"score":115,"percentile":151},"2025-11-16",0.01911,{"date":153,"score":115,"percentile":154},"2025-11-17",0.01899,{"date":156,"score":157,"percentile":158},"2025-11-18",0.00331,0.52953,{"date":160,"score":157,"percentile":161},"2025-11-19",0.52968,{"date":163,"score":164,"percentile":165},"2025-11-20",0.00319,0.52037,{"date":167,"score":115,"percentile":168},"2025-11-21",0.01811,{"date":170,"score":115,"percentile":171},"2025-11-22",0.01808,{"date":173,"score":115,"percentile":174},"2025-11-23",0.01804,{"date":176,"score":115,"percentile":177},"2025-11-24",0.01794,{"date":179,"score":115,"percentile":180},"2025-11-25",0.01789,{"date":182,"score":115,"percentile":183},"2025-11-26",0.01747,{"date":185,"score":115,"percentile":186},"2025-11-27",0.01748,{"date":188,"score":115,"percentile":189},"2025-11-28",0.01745,{"date":191,"score":115,"percentile":192},"2025-11-29",0.01792,{"date":194,"score":115,"percentile":195},"2025-11-30",0.01801,{"date":197,"score":115,"percentile":198},"2025-12-01",0.01826,{"date":200,"score":115,"percentile":201},"2025-12-02",0.01824,{"date":203,"score":115,"percentile":204},"2025-12-03",0.0183,{"date":206,"score":115,"percentile":174},"2025-12-04",{"date":208,"score":115,"percentile":209},"2025-12-05",0.01819,{"date":211,"score":115,"percentile":201},"2025-12-06",{"date":213,"score":115,"percentile":195},"2025-12-07",{"date":215,"score":115,"percentile":216},"2025-12-08",0.01803,{"date":218,"score":115,"percentile":219},"2025-12-09",0.0182,{"date":221,"score":115,"percentile":222},"2025-12-10",0.01839,{"date":224,"score":115,"percentile":225},"2025-12-11",0.01831,{"date":227,"score":115,"percentile":228},"2025-12-12",0.01838,{"date":230,"score":115,"percentile":231},"2025-12-13",0.01822,{"date":233,"score":115,"percentile":231},"2025-12-14",{"date":235,"score":115,"percentile":236},"2025-12-15",0.01814,{"date":238,"score":115,"percentile":239},"2025-12-16",0.01809,{"date":241,"score":115,"percentile":201},"2025-12-17",{"date":243,"score":115,"percentile":244},"2025-12-18",0.01818,{"date":246,"score":115,"percentile":209},"2025-12-19",{"date":248,"score":115,"percentile":244},"2025-12-20",{"date":250,"score":115,"percentile":251},"2025-12-21",0.01825,{"date":253,"score":115,"percentile":254},"2025-12-22",0.01852,{"date":256,"score":115,"percentile":254},"2025-12-23",{"date":258,"score":115,"percentile":259},"2025-12-24",0.0186,{"date":261,"score":115,"percentile":262},"2025-12-25",0.01867,{"date":264,"score":115,"percentile":139},"2025-12-26",{"date":266,"score":115,"percentile":136},"2025-12-27",{"date":268,"score":115,"percentile":269},"2025-12-28",0.01865,{"date":271,"score":115,"percentile":272},"2025-12-29",0.01856,{"date":274,"score":115,"percentile":275},"2025-12-30",0.0185,{"date":277,"score":115,"percentile":278},"2025-12-31",0.01848,{"date":280,"score":115,"percentile":281},"2026-01-01",0.01864,{"date":283,"score":115,"percentile":284},"2026-01-02",0.01858,{"date":286,"score":115,"percentile":281},"2026-01-03",{"date":288,"score":115,"percentile":119},"2026-01-04",{"date":290,"score":115,"percentile":228},"2026-01-05",{"date":292,"score":115,"percentile":119},"2026-01-06",{"date":294,"score":115,"percentile":275},"2026-01-07",{"date":296,"score":297,"percentile":298},"2026-01-08",0.00019,0.04101,{"date":300,"score":297,"percentile":301},"2026-01-09",0.04108,{"date":303,"score":297,"percentile":304},"2026-01-10",0.04119,{"date":306,"score":297,"percentile":307},"2026-01-11",0.04099,{"date":309,"score":297,"percentile":310},"2026-01-12",0.04097,{"date":312,"score":297,"percentile":313},"2026-01-13",0.04089,{"date":315,"score":297,"percentile":316},"2026-01-14",0.04133,{"date":318,"score":297,"percentile":319},"2026-01-15",0.04059,{"date":321,"score":297,"percentile":322},"2026-01-16",0.04031,{"date":324,"score":325,"percentile":326},"2026-01-17",0.00024,0.05975,{"date":328,"score":325,"percentile":329},"2026-01-18",0.05968,{"date":331,"score":325,"percentile":332},"2026-01-19",0.05946,{"date":334,"score":325,"percentile":335},"2026-01-20",0.05904,{"date":337,"score":325,"percentile":338},"2026-01-21",0.05903,{"date":340,"score":325,"percentile":341},"2026-01-22",0.05886,{"date":343,"score":325,"percentile":332},"2026-01-23",{"date":345,"score":325,"percentile":346},"2026-01-24",0.05991,{"date":348,"score":325,"percentile":349},"2026-01-25",0.05938,{"date":351,"score":352,"percentile":353},"2026-01-26",0.00027,0.0696,{"date":355,"score":352,"percentile":356},"2026-01-27",0.06945,{"date":358,"score":352,"percentile":359},"2026-01-28",0.06921,{"date":361,"score":352,"percentile":362},"2026-01-29",0.06918,{"date":364,"score":352,"percentile":365},"2026-01-30",0.06931,{"date":367,"score":352,"percentile":368},"2026-01-31",0.06954,{"date":370,"score":352,"percentile":371},"2026-02-01",0.07002,[373,378,380],{"source":83,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":374,"cvss_v4_0":9},{"baseScore":81,"baseSeverity":375,"vectorString":84,"impactScore":376,"exploitabilityScore":377},"HIGH",10,5.1,{"source":89,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":379,"cvss_v4_0":9},{"baseScore":81,"baseSeverity":375,"vectorString":84,"impactScore":376,"exploitabilityScore":377},{"source":90,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":381,"cvss_v4_0":9},{"baseScore":81,"baseSeverity":9,"vectorString":84,"impactScore":376,"exploitabilityScore":377},[383,395,405],{"ecosystem":9,"name":384,"vendor":385,"product":386,"cpe_part":387,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":388},"Jenkins Script Security Plugin","jenkins project","jenkins script security plugin","a",[389],{"version":390,"is_range":391,"range_type":83,"version_start":392,"version_start_type":393,"version_end":394,"version_end_type":393,"fixed_in":9},">= unspecified, \u003C= 1228.vd93135a_2fb_25",true,"unspecified","including","1228.vd93135a_2fb_25",{"ecosystem":9,"name":396,"vendor":397,"product":398,"cpe_part":387,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":399},"script security","jenkins","script_security",[400],{"version":401,"is_range":391,"range_type":402,"version_start":9,"version_start_type":9,"version_end":403,"version_end_type":404,"fixed_in":9},"lt1229.v4880b_b_e905a_6","cpe","1229.v4880b_b_e905a_6","excluding",{"ecosystem":406,"name":407,"vendor":408,"product":409,"cpe_part":9,"purl_type":410,"purl_namespace":408,"purl_name":409,"source":9,"versions":411},"Maven","org.jenkins-ci.plugins:script-security","org.jenkins-ci.plugins","script-security","maven",[412],{"version":413,"is_range":391,"range_type":414,"version_start":9,"version_start_type":9,"version_end":415,"version_end_type":404,"fixed_in":9},"lt1229_v4880b","ecosystem","1229.v4880b"]