Incorrect Authorization in Jenkins Kubernetes :: Pipeline :: Arquillian Steps Plugin
Critical severity
GitHub Reviewed
Published
May 24, 2022
to the GitHub Advisory Database
•
Updated Oct 26, 2023
Package
Affected versions
<= 1.6
Patched versions
None
Description
Published by the National Vulnerability Database
Sep 25, 2019
Published to the GitHub Advisory Database
May 24, 2022
Reviewed
Sep 8, 2022
Last updated
Oct 26, 2023
Credits
-
westonsteimel Analyst
Jenkins Kubernetes :: Pipeline :: Arquillian Steps Plugin provides a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection.
References