alpine · CVE-2022-43403

Quick triage

Priority: critical Published: Updated:

View at Official alpine advisory, NVD, CVE.org · CVE detail

Freshness: no update timestamp found; verify against the upstream OS advisory manually.

Tracker summary

CVE-2022-43403: 1 source package rows (jenkins); 37 state rows across 7 repos (3.17-community, 3.18-community, 3.19-community, 3.20-community, 3.22-community, 3.23-community, edge-community); fixed 0, open 37.

Description:

A sandbox bypass vulnerability involving casting an array-like value to an array type in Jenkins Script Security Plugin 1183.v774b_0b_0a_a_451 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.

cvelogic Threat Intelligence