CVE-2017-1000107: Script Security Plugin did not apply sandboxing restrictions to constructor invocations via positional arguments list, super constructor invocations, method…

high8.8CVSS 3.0

AVNACLPRLUINSUCHIHAH

Script Security Plugin did not apply sandboxing restrictions to constructor invocations via positional arguments list, super constructor invocations, method references, and type coercion expressions. This could be used to invoke arbitrary constructors and methods, bypassing sandbox protection.

Affected

13 ranges

Vendor	Product	Version range	Fixed in
jenkins	blue_ocean_plugin	—	—
jenkins	config_file_provider_plugin	—	—
jenkins	credentials_plugin	—	—
jenkins	datadog_plugin	—	—
jenkins	deploy_to_container_plugin	—	—
jenkins	dry_plugin	—	—
jenkins	groovy_plugin	—	—
jenkins	input_step_plugin	—	—
jenkins	owasp_dependency-check_plugin	—	—
jenkins	script_security	—	—
jenkins	script_security_plugin	—	—
jenkins	static_analysis_utilities_plugin	—	—
jenkins	warnings_plugin	—	—