Vulnerabilities > CVE-2017-2650 - Unspecified vulnerability in Jenkins Pipeline Classpath Step 0.1.0

CVSS 8.5 - HIGH

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

high complexity

jenkins

NVD

Published: 2018-07-27

Updated: 2019-10-09

Summary

It was found that the use of Pipeline: Classpath Step Jenkins plugin enables a bypass of the Script Security sandbox for users with SCM commit access, as well as users with e.g. Job/Configure permission in Jenkins.

Vulnerable Configurations

Part	Description	Count
Application	Jenkins Jenkins Pipeline Classpath Step 0.1.0	1

References

https://jenkins.io/security/advisory/2017-03-20/
http://www.securityfocus.com/bid/96981