CVE-2017-1000107

HIGH

Script Security Plugin - Code Injection

Title source: llm

Description

Script Security Plugin did not apply sandboxing restrictions to constructor invocations via positional arguments list, super constructor invocations, method references, and type coercion expressions. This could be used to invoke arbitrary constructors and methods, bypassing sandbox protection.

References (1)

Core References
Vendor Advisory x_refsource_confirm
https://jenkins.io/security/advisory/2017-08-07/

Scores

CVSS v3 8.8
EPSS 0.0027
EPSS Percentile 50.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

Status published
Products (2)
jenkins/script_security 1.30
org.jenkins-ci.plugins/script-security 0 - 1.31 (Maven)
Published Oct 05, 2017
Tracked Since Feb 18, 2026