Vulnerabilities > CVE-2017-2650 - Security Bypass vulnerability in Jenkins Pipeline Classpath Step 0.1.0

CVSS 6.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

jenkins

NVD

Published: 2018-07-27

Updated: 2019-10-09

Summary

It was found that the use of Pipeline: Classpath Step Jenkins plugin enables a bypass of the Script Security sandbox for users with SCM commit access, as well as users with e.g. Job/Configure permission in Jenkins.

Vulnerable Configurations

Part	Description	Count
Application	Jenkins Jenkins Pipeline Classpath Step 0.1.0	1

References

http://www.securityfocus.com/bid/96981
https://jenkins.io/security/advisory/2017-03-20/