CVE-2017-1000107

EPSS 0.27%
Published 05.10.2017 01:29:04
Last modified 20.04.2025 01:37:25
Source cve@mitre.org
Teams watchlist Login
Open Login

Script Security Plugin did not apply sandboxing restrictions to constructor invocations via positional arguments list, super constructor invocations, method references, and type coercion expressions. This could be used to invoke arbitrary constructors and methods, bypassing sandbox protection.

Affected products Warnungen 0 Metrics 3 CWE 0 References 4

Data is provided by the National Vulnerability Database (NVD)

Jenkins ≫ Script Security Version1.30 SwPlatformjenkins

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.27%	0.505

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

https://jenkins.io/security/advisory/2017-08-07/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2017-1000107

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-1000107

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-1000107

EUVD