8.8
CVE-2026-57280
- EPSS 0.37%
- Veröffentlicht 24.06.2026 13:20:04
- Zuletzt bearbeitet 26.06.2026 19:59:19
- Quelle jenkinsci-cert@googlegroups.co
- CVE-Watchlists
- Unerledigt
Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier does not intercept the implicit type casts applied to the elements of typed for-each loops in sandboxed Groovy scripts, allowing attackers able to provide such scripts to invoke arbitrary constructors and bypass the sandbox protection.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Jenkins ≫ Script Security SwPlatformjenkins Version <= 1402.v94c9ce464861
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.37% | 0.291 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-693 Protection Mechanism Failure
The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.
https://www.jenkins.io/security/advisory/2026-06-24/#SECURITY-3792