N/A

A sandbox bypass vulnerability exists in Pipeline: Declarative Plugin 1.3.3 and earlier in pipeline-model-definition/src/main/groovy/org/jenkinsci/plugins/pipeline/modeldefinition/parser/Converter.groovy that allows attackers with Overall/Read permission to provide a pipeline script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM.

N/A

N/A

CloudBees Jenkins Pipeline: Declarative Plugin 安全漏洞

Jenkins Pipeline是一套插件，支持将持续交付管道实施和集成到 Jenkins 中。 CloudBees Pipeline: Declarative Plugin 1.3.3及之前版本中的pipeline-model-definition/src/main/groovy/org/jenkinsci/plugins/pipeline/modeldefinition/parser/Converter.groovy文件存在安全漏洞。该漏洞允许具有Overall/Read权限的攻击者向HTTP端点提供

N/A

N/A