Rapid7 Vulnerability & Exploit Database

Red Hat OpenShift: CVE-2017-1000096: jenkins-plugin-workflow-cps: Arbitrary code execution due to incomplete sandbox protection (SECURITY-551)

Back to Search

Red Hat OpenShift: CVE-2017-1000096: jenkins-plugin-workflow-cps: Arbitrary code execution due to incomplete sandbox protection (SECURITY-551)

Severity
7
CVSS
(AV:N/AC:L/Au:S/C:P/I:P/A:P)
Published
10/04/2017
Created
05/08/2019
Added
05/07/2019
Modified
05/07/2019

Description

Arbitrary code execution due to incomplete sandbox protection: Constructors, instance variable initializers, and instance initializers in Pipeline scripts were not subject to sandbox protection, and could therefore execute arbitrary code. This could be exploited e.g. by regular Jenkins users with the permission to configure Pipelines in Jenkins, or by trusted committers to repositories containing Jenkinsfiles.

Solution(s)

  • linuxrpm-upgrade-jenkins-2-plugins

References

  • linuxrpm-upgrade-jenkins-2-plugins

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;