CVE-2018-1000866


12/10/2018


A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.59 and earlier, in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java and groovy-cps/lib/src/main/java/com/cloudbees/groovy/cps/SandboxCpsTransformer.java, that allows attackers with Job/Configure permission, or unauthorized attackers with SCM commit privileges and corresponding pipelines based on Jenkinsfiles set up in Jenkins, to execute arbitrary code on the Jenkins master JVM.

References: 
https://jenkins.io/security/advisory/2018-10-29/#SECURITY-1186


