CVE-2022-43406

CRITICAL

Jenkins Pipeline: Deprecated Groovy Libraries Plugin <583.vf3b_454e...

Title source: llm

Description

A sandbox bypass vulnerability in Jenkins Pipeline: Deprecated Groovy Libraries Plugin 583.vf3b_454e43966 and earlier allows attackers with permission to define untrusted Pipeline libraries and to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.

References (2)

Core 2

Core References

Vendor Advisory

https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20%282%29

Mailing List, Third Party Advisory mailing-list

http://www.openwall.com/lists/oss-security/2022/10/19/3

Scores

CVSS v3 9.9

EPSS 0.0020

EPSS Percentile 41.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Details

Status published

Products (3)

io.jenkins.plugins/pipeline-groovy-lib 0 - 613.v9c41a_160233fMaven

jenkins/groovy_libraries < 583.vf3b_454e43966

org.jenkins-ci.plugins.workflow/workflow-cps-global-lib 0 - 588.v576c103a_ff86Maven

Published Oct 19, 2022

Tracked Since Feb 18, 2026