CVE-2017-2650

CVE-2017-2650

Vendor Jenkins Project
Product Pipeline: Classpath Step Jenkins plugin
Weakness CWE-592
Published July 27, 2018
Last update September 17, 2024

CVSS base score

What the vulnerability does

01Description

It was found that the use of Pipeline: Classpath Step Jenkins plugin enables a bypass of the Script Security sandbox for users with SCM commit access, as well as users with e.g. Job/Configure permission in Jenkins.

Key dates

02Disclosure timeline

July 27, 2018 CVE published
September 17, 2024 Record updated