CVE-2022-43405

CRITICAL

Jenkins Pipeline: Groovy Libraries Plugin <612.v84da_9c54906d - Pri...

Title source: llm

Description

A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Libraries Plugin 612.v84da_9c54906d and earlier allows attackers with permission to define untrusted Pipeline libraries and to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.

References (2)

Core 2

Core References

Vendor Advisory

https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20%282%29

Mailing List, Third Party Advisory mailing-list

http://www.openwall.com/lists/oss-security/2022/10/19/3

Scores

CVSS v3 9.9

EPSS 0.0020

EPSS Percentile 41.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Details

Status published

Products (3)

io.jenkins.plugins/pipeline-groovy-lib 0 - 613.v9c41a_160233fMaven

jenkins/groovy_libraries < 612.v84da_9c54906d

org.jenkins-ci.plugins.workflow/workflow-cps-global-lib 0 - 588.v576c103a_ff86Maven

Published Oct 19, 2022

Tracked Since Feb 18, 2026