CVE-2016-3102
HIGHJenkins Script Security Plugin < 1.18.1 - Sandbox Bypass via Direct Field Access or Array Operations
Title source: llmDescription
The Script Security plugin before 1.18.1 in Jenkins might allow remote attackers to bypass a Groovy sandbox protection mechanism via a plugin that performs (1) direct field access or (2) get/set array operations.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-04-11
Scores
CVSS v3
7.3
EPSS
0.0005
EPSS Percentile
16.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Details
CWE
CWE-254
Status
published
Products (20)
jenkins/script_security
1.0
jenkins/script_security
1.1
jenkins/script_security
1.2
jenkins/script_security
1.3
jenkins/script_security
1.4
jenkins/script_security
1.5
jenkins/script_security
1.6
jenkins/script_security
1.7
jenkins/script_security
1.8
jenkins/script_security
1.9
... and 10 more
Published
Feb 09, 2017
Tracked Since
Feb 18, 2026