Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-mqc2-w9r8-mmxm

GitHub Security Advisory

Jenkins Pipeline: Groovy Plugin allows sandbox protection bypass and arbitrary code execution

✓ GitHub Reviewed CRITICAL Has CVE
View on GitHub

Advisory Details

A sandbox bypass vulnerability involving various casts performed implicitly by the Groovy language runtime in Jenkins Pipeline: Groovy Plugin 2802.v5ea_628154b_c2 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. Pipeline: Groovy Plugin 2803.v1a_f77ffcc773 intercepts Groovy casts performed implicitly by the Groovy language runtime

Affected Packages

Maven org.jenkins-ci.plugins.workflow:workflow-cps
Affected versions: 0 (fixed in 2803.v1a_f77ffcc773)

Related CVEs

CVE-2022-43402

Key Information

GHSA ID
GHSA-mqc2-w9r8-mmxm
Published
October 19, 2022 7:00 PM
Last Modified
October 22, 2022 1:13 AM
CVSS Score
9.0 /10
Primary Ecosystem
Maven
Primary Package
org.jenkins-ci.plugins.workflow:workflow-cps
GitHub Reviewed
✓ Yes

Dataset

Last updated: August 24, 2025 6:28 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.