Vulnerability in Jenkins Project Pipeline: Classpath Step Plugin
CVE-2017-2650
It was found that use of the Pipeline: Classpath Step Jenkins plugin enables a bypass of the Script Security sandbox for users with SCM commit access, as well as for users with, e.g., Job/Configure permission in Jenkins.
EPSS: 0.001 (29.7th percentile)
Affected products
- Jenkins Project Pipeline: Classpath Step Plugin, all versions
Weakness classification (CWE)
References
- 96981 (vdb-entry, x_refsource_BID)
- jenkins.io/security/advisory/2017-03-20/ (x_refsource_CONFIRM)