/
DirectorySecurity AdvisoriesPricing
Sign in
Security Advisories

CVE-2024-34145

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-34145

Severity

8.8

High

CVSS V3

Description

A sandbox bypass vulnerability involving sandbox-defined classes that shadow specific non-sandbox-defined classes in Jenkins Script Security Plugin 1335.vf07d9ce377a_e and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.

References

  • https://images.chainguard.dev/security/CGA-6rcw-x28r-rxmh
  • https://github.com/advisories/GHSA-2g4q-9vm9-9fw4
  • https://images.chainguard.dev/security/CGA-wxxv-7cpw-3m5r
  • https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3341
  • http://www.openwall.com/lists/oss-security/2024/05/02/3

Affected packages

Safe Source for Open Sourceâ„¢
Contact us
© 2025 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Product

Chainguard ContainersChainguard LibrariesChainguard VMsIntegrationsPricing

Solutions

FedRAMPPCI DSSGolden ImagesCVE RemediationPublic Sector

Customers

Customer StoriesChainguard Reviews

Resources

Events & WebinarsChainguard CoursesDocumentationTrust Center

Company

About UsBlogPartnersNewsroomCareersLegal