Vulnerabilities (CVE)

Filtered by vendor Jenkins Subscribe
Filtered by product Pipeline Supporting Apis
Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-1000058 1 Jenkins 1 Pipeline Supporting Apis 2023-12-10 6.5 MEDIUM 8.8 HIGH
Jenkins Pipeline: Supporting APIs Plugin 2.17 and earlier have an arbitrary code execution due to incomplete sandbox protection: Methods related to Java deserialization like readResolve implemented in Pipeline scripts were not subject to sandbox protection, and could therefore execute arbitrary code. This could be exploited e.g. by regular Jenkins users with the permission to configure Pipelines in Jenkins, or by trusted committers to repositories containing Jenkinsfiles.