Protection Mechanism Failure Affecting org.jenkins-ci.plugins.workflow:workflow-cps package, versions [,2803.v1a_f77ffcc773)


Severity

high

CVSS assessment made by Snyk's Security Team.

Threat Intelligence

EPSS
0.12% (48th percentile)

  • Snyk ID: SNYK-JAVA-ORGJENKINSCIPLUGINSWORKFLOW-3057192
  • Published: 20 Oct 2022
  • Disclosed: 19 Oct 2022
  • Credit: Devin Nusbaum

Introduced: 19 Oct 2022

CVE-2022-43401
CWE-693

How to fix?

Upgrade org.jenkins-ci.plugins.workflow:workflow-cps to version 2803.v1a_f77ffcc773 or higher.
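To check a pinned plugin list against the affected range `[,2803.v1a_f77ffcc773)` from this advisory, the following added example (not code from Snyk or the Jenkins project) parses the range and flags matching `workflow-cps` entries. It assumes the list uses `artifactId:version` lines, and it compares only the leading dotted integers of a version, which is a simplification and not Jenkins's own version comparator; the sample versions are constructed.

```python
import re

AFFECTED_RANGE = "[,2803.v1a_f77ffcc773)"  # range as given in the advisory title
PLUGIN = "workflow-cps"

def numeric_key(version):
    """Leading dotted integers only; the 'v<hash>' suffix is ignored (assumption)."""
    key = []
    for part in version.strip().split("."):
        if not part.isdigit():
            break
        key.append(int(part))
    if not key:
        raise ValueError(f"no numeric prefix in version {version!r}")
    return tuple(key)

def parse_range(spec):
    """Split a Maven-style range into ((low, inclusive), (high, inclusive))."""
    m = re.fullmatch(r"([\[(])([^,]*),([^\])]*)([\])])", spec.strip())
    if not m:
        raise ValueError(f"unsupported range {spec!r}")
    lo_b, lo, hi, hi_b = m.groups()
    return (lo.strip() or None, lo_b == "["), (hi.strip() or None, hi_b == "]")

def in_range(version, spec):
    (lo, lo_inc), (hi, hi_inc) = parse_range(spec)
    v = numeric_key(version)
    if lo is not None:
        low = numeric_key(lo)
        if v < low or (v == low and not lo_inc):
            return False
    if hi is not None:
        high = numeric_key(hi)
        if v > high or (v == high and not hi_inc):
            return False
    return True

def affected_entries(plugins_txt):
    """Return the pinned workflow-cps lines that fall inside the affected range."""
    hits = []
    for raw in plugins_txt.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        name, _, version = line.partition(":")
        if name == PLUGIN and version and in_range(version, AFFECTED_RANGE):
            hits.append(line)
    return hits

# Constructed sample list; these versions are illustrative, not real releases.
SAMPLE = "# constructed\nworkflow-cps:2700.v0123456789ab\nexample-plugin:1.0\n"
print(affected_entries(SAMPLE))
```

Entries without a pinned version are skipped, so resolve them to the installed version before relying on an empty result.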

Overview

org.jenkins-ci.plugins.workflow:workflow-cps is a Jenkins Plugins Parent POM Project.

Affected versions of this package are vulnerable to Protection Mechanism Failure because various casts performed implicitly by the Groovy language runtime are not intercepted by the sandbox. Attackers with permission to define and run sandboxed scripts, including Pipelines, can exploit this to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.

CVSS Scores

version 3.1