Sandbox Bypass Affecting com.splunk.splunkins:splunk-devops Open this link in a new tab package, versions [,1.8.0)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
29 Aug 2019
28 Aug 2019
How to fix?
com.splunk.splunkins:splunk-devops to version 1.8.0 or higher.
com.splunk.splunkins:splunk-devops is a plugin that provides deep insights into your Jenkins master and slave infrastructure, job and build details.
Affected versions of this package are vulnerable to Sandbox Bypass. An attacker with Overall/Read permission can provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM.