Bug 2164278 (CVE-2023-24422) - CVE-2023-24422 jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin
Summary: CVE-2023-24422 jenkins-2-plugins/script-security: Sandbox bypass vulnerabilit...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2023-24422
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2165446
Blocks: 2164279
Reported: 2023-01-25 03:48 UTC by Avinash Hanwate
Modified: 2024-02-12 10:43 UTC

Fixed In Version: Script Security Plugin 1229.v4880b_b_e905a_6
Doc Type: ---
Doc Text:
A flaw was found in the script-security Jenkins Plugin. In affected versions of the script-security plugin, property assignments performed implicitly by the Groovy language runtime when invoking map constructors were not intercepted by the sandbox. This vulnerability allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.
Clone Of:
Environment:
Last Closed: 2023-04-12 17:37:21 UTC
Embargoed:



Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2023:1655 0 None None None 2023-04-12 11:59:02 UTC
Red Hat Product Errata RHSA-2023:3195 0 None None None 2023-05-17 16:19:31 UTC
Red Hat Product Errata RHSA-2023:3198 0 None None None 2023-05-17 17:51:03 UTC
Red Hat Product Errata RHSA-2023:3299 0 None None None 2023-05-24 17:10:58 UTC
Red Hat Product Errata RHSA-2023:3610 0 None None None 2023-06-15 00:14:57 UTC
Red Hat Product Errata RHSA-2023:6179 0 None None None 2023-10-30 12:35:01 UTC
Red Hat Product Errata RHSA-2023:7288 0 None None None 2023-11-15 19:24:33 UTC
Red Hat Product Errata RHSA-2024:0775 0 None None None 2024-02-12 10:43:49 UTC
Red Hat Product Errata RHSA-2024:0776 0 None None None 2024-02-12 10:24:04 UTC
Red Hat Product Errata RHSA-2024:0777 0 None None None 2024-02-12 10:25:19 UTC
Red Hat Product Errata RHSA-2024:0778 0 None None None 2024-02-12 10:36:49 UTC

Description Avinash Hanwate 2023-01-25 03:48:47 UTC
Script Security Plugin provides a sandbox feature that allows low-privileged users to define scripts, including Pipelines, that are generally safe to execute. Calls to code defined inside a sandboxed script are intercepted, and various allowlists are checked to determine whether the call is to be allowed. In Script Security Plugin 1228.vd93135a_2fb_25 and earlier, property assignments performed implicitly by the Groovy language runtime when invoking map constructors were not intercepted by the sandbox. This vulnerability allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.

https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-3016
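A way to tell whether a controller still runs an affected script-security build, added here as an example; it is not part of this bug report or of the Jenkins project's own tooling. It assumes the standard layout in which Jenkins unpacks every installed plugin into $JENKINS_HOME/plugins/<short-name>/ with a META-INF/MANIFEST.MF that carries a Plugin-Version header, and it compares only the leading integer of the version string (1228 in 1228.vd93135a_2fb_25), which is the part of the Jenkins plugin version scheme that increases from release to release; the older 1.x numbering of this plugin also sorts below 1229 that way. The manifest excerpts inside the script are constructed so it runs offline. The default JENKINS_HOME path in the comment is an assumption about a package install.

```shell
#!/bin/sh
# Offline check for CVE-2023-24422 on the script-security plugin.
# Fixed In Version on this bug: Script Security Plugin 1229.v4880b_b_e905a_6,
# affected: 1228.vd93135a_2fb_25 and earlier. Only the leading integer of the
# version is compared; the ".v<hash>" suffix is a git commit fragment.
FIXED_BUILD=1229

# plugin_version MANIFEST_TEXT -> prints the Plugin-Version value.
# Manifests are usually CRLF-terminated, so strip \r before matching.
plugin_version() {
    printf '%s\n' "$1" | tr -d '\r' | sed -n 's/^Plugin-Version:[[:space:]]*//p' | head -n 1
}

# leading_build VERSION -> prints the leading integer ("1228" for 1228.vd93135a_2fb_25,
# "1" for the old 1.78 scheme, nothing for an empty or malformed string).
leading_build() {
    printf '%s\n' "$1" | sed 's/[^0-9].*//'
}

# is_vulnerable VERSION -> exit 0 when VERSION sorts before the fixed build.
is_vulnerable() {
    b=$(leading_build "$1")
    [ -n "$b" ] && [ "$b" -lt "$FIXED_BUILD" ]
}

# check_manifest MANIFEST_TEXT -> prints a verdict; exit 0 = vulnerable,
# 1 = not affected, 2 = no Plugin-Version header found.
check_manifest() {
    v=$(plugin_version "$1")
    if [ -z "$v" ]; then
        echo "script-security: Plugin-Version not found in manifest"
        return 2
    fi
    if is_vulnerable "$v"; then
        echo "script-security $v: VULNERABLE to CVE-2023-24422 (fixed in 1229.v4880b_b_e905a_6)"
        return 0
    fi
    echo "script-security $v: not affected"
    return 1
}

# Constructed, abridged manifests standing in for
# $JENKINS_HOME/plugins/script-security/META-INF/MANIFEST.MF.
OLD_MANIFEST='Manifest-Version: 1.0
Short-Name: script-security
Plugin-Version: 1228.vd93135a_2fb_25
Jenkins-Version: 2.361.4'

NEW_MANIFEST='Manifest-Version: 1.0
Short-Name: script-security
Plugin-Version: 1229.v4880b_b_e905a_6
Jenkins-Version: 2.361.4'

# On a real controller (path is an assumption about a package install):
#   check_manifest "$(cat "${JENKINS_HOME:-/var/lib/jenkins}/plugins/script-security/META-INF/MANIFEST.MF")"
check_manifest "$OLD_MANIFEST" || true
check_manifest "$NEW_MANIFEST" || true
```

On a running controller the same answer is available from the script console by comparing Jenkins.instance.pluginManager.getPlugin('script-security').versionNumber with new hudson.util.VersionNumber('1229.v4880b_b_e905a_6') via isOlderThan, which handles the full version scheme rather than just the leading integer. For the OpenShift Jenkins images listed in the errata above, the plugin ships inside the image, so the image version from the RHSA is the thing to verify rather than a manifest on disk.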

Comment 4 errata-xmlrpc 2023-04-12 11:59:00 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.10

Via RHSA-2023:1655 https://access.redhat.com/errata/RHSA-2023:1655

Comment 5 Product Security DevOps Team 2023-04-12 17:37:19 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2023-24422

Comment 10 errata-xmlrpc 2023-05-17 16:19:30 UTC
This issue has been addressed in the following products:

  OpenShift Developer Tools and Services for OCP 4.12

Via RHSA-2023:3195 https://access.redhat.com/errata/RHSA-2023:3195

Comment 11 errata-xmlrpc 2023-05-17 17:51:02 UTC
This issue has been addressed in the following products:

  OpenShift Developer Tools and Services for OCP 4.11

Via RHSA-2023:3198 https://access.redhat.com/errata/RHSA-2023:3198

Comment 13 errata-xmlrpc 2023-05-24 17:10:57 UTC
This issue has been addressed in the following products:

  OpenShift Developer Tools and Services for OCP 4.13

Via RHSA-2023:3299 https://access.redhat.com/errata/RHSA-2023:3299

Comment 14 errata-xmlrpc 2023-06-15 00:14:55 UTC
This issue has been addressed in the following products:

  OpenShift Developer Tools and Services for OCP 4.12

Via RHSA-2023:3610 https://access.redhat.com/errata/RHSA-2023:3610

Comment 16 errata-xmlrpc 2023-10-30 12:34:59 UTC
This issue has been addressed in the following products:

  OpenShift Developer Tools and Services for OCP 4.13

Via RHSA-2023:6179 https://access.redhat.com/errata/RHSA-2023:6179

Comment 17 errata-xmlrpc 2023-11-15 19:24:31 UTC
This issue has been addressed in the following products:

  OpenShift Developer Tools and Services for OCP 4.14

Via RHSA-2023:7288 https://access.redhat.com/errata/RHSA-2023:7288

Comment 20 errata-xmlrpc 2024-02-12 10:24:02 UTC
This issue has been addressed in the following products:

  OpenShift Developer Tools and Services for OCP 4.13

Via RHSA-2024:0776 https://access.redhat.com/errata/RHSA-2024:0776

Comment 21 errata-xmlrpc 2024-02-12 10:25:17 UTC
This issue has been addressed in the following products:

  OpenShift Developer Tools and Services for OCP 4.14

Via RHSA-2024:0777 https://access.redhat.com/errata/RHSA-2024:0777

Comment 22 errata-xmlrpc 2024-02-12 10:36:47 UTC
This issue has been addressed in the following products:

  OpenShift Developer Tools and Services for OCP 4.12

Via RHSA-2024:0778 https://access.redhat.com/errata/RHSA-2024:0778

Comment 23 errata-xmlrpc 2024-02-12 10:43:47 UTC
This issue has been addressed in the following products:

  OpenShift Developer Tools and Services for OCP 4.11

Via RHSA-2024:0775 https://access.redhat.com/errata/RHSA-2024:0775
