• Type: Bug
• Resolution: Fixed
• Priority: Critical
• Component/s: postbuildscript-plugin
• Labels:

  None
• Environment:

  Jenkins ver. 2.46.1

[JENKINS-43637] Arbitrary code execution vulnerability

Giacomo Boccardo created issue - 2017-04-17 20:55

Collapse comment: Daniel Heid added a comment - 2017-10-27 20:32

Daniel Heid added a comment - 2017-10-27 20:32

Hi! I integrated the SecureGroovyScript class into the plugin to solve the mentioned vulnerability:

https://github.com/jenkinsci/postbuildscript-plugin/pull/15

Expand comment: Daniel Heid added a comment - 2017-10-27 20:32

Daniel Heid added a comment - 2017-10-27 20:32 Hi! I integrated the SecureGroovyScript class into the plugin to solve the mentioned vulnerability: https://github.com/jenkinsci/postbuildscript-plugin/pull/15

Daniel Heid made changes - 2017-10-27 20:32

Status

Original: Open [ 1 ]

New: In Progress [ 3 ]

Daniel Heid made changes - 2017-10-27 20:32

Status

Original: In Progress [ 3 ]

New: Open [ 1 ]

Daniel Heid made changes - 2017-10-27 20:33

Status

Original: Open [ 1 ]

New: In Progress [ 3 ]

Collapse comment: SCM/JIRA link daemon added a comment - 2017-11-02 17:39

SCM/JIRA link daemon added a comment - 2017-11-02 17:39

Code changed in jenkins
User: Daniel Heid
Path:
src/main/java/org/jenkinsci/plugins/postbuildscript/service/ScriptExecutor.java
http://jenkins-ci.org/commit/postbuildscript-plugin/a6e82abb5c5be6b5303f548bffc7ebbe9ae27d76
Log:
JENKINS-43637 Secures groovy script execution

Expand comment: SCM/JIRA link daemon added a comment - 2017-11-02 17:39

SCM/JIRA link daemon added a comment - 2017-11-02 17:39 Code changed in jenkins User: Daniel Heid Path: src/main/java/org/jenkinsci/plugins/postbuildscript/service/ScriptExecutor.java http://jenkins-ci.org/commit/postbuildscript-plugin/a6e82abb5c5be6b5303f548bffc7ebbe9ae27d76 Log: JENKINS-43637 Secures groovy script execution

Collapse comment: SCM/JIRA link daemon added a comment - 2017-11-02 17:39

SCM/JIRA link daemon added a comment - 2017-11-02 17:39

Code changed in jenkins
User: Daniel Heid
Path:
.gitignore
pom.xml
src/main/java/org/jenkinsci/plugins/postbuildscript/PostBuildScript.java
src/main/java/org/jenkinsci/plugins/postbuildscript/PostBuildScriptListener.java
src/main/java/org/jenkinsci/plugins/postbuildscript/service/ScriptExecutor.java
http://jenkins-ci.org/commit/postbuildscript-plugin/3d33744ba1c459beb8e6c46c1112ab236b18a699
Log:
Merge pull request #15 from dheid/master

JENKINS-43637 Secures groovy script execution

Compare: https://github.com/jenkinsci/postbuildscript-plugin/compare/cdceecee4243...3d33744ba1c4

Expand comment: SCM/JIRA link daemon added a comment - 2017-11-02 17:39

SCM/JIRA link daemon added a comment - 2017-11-02 17:39 Code changed in jenkins User: Daniel Heid Path: .gitignore pom.xml src/main/java/org/jenkinsci/plugins/postbuildscript/PostBuildScript.java src/main/java/org/jenkinsci/plugins/postbuildscript/PostBuildScriptListener.java src/main/java/org/jenkinsci/plugins/postbuildscript/service/ScriptExecutor.java http://jenkins-ci.org/commit/postbuildscript-plugin/3d33744ba1c459beb8e6c46c1112ab236b18a699 Log: Merge pull request #15 from dheid/master JENKINS-43637 Secures groovy script execution Compare: https://github.com/jenkinsci/postbuildscript-plugin/compare/cdceecee4243...3d33744ba1c4

Daniel Heid made changes - 2017-11-02 18:24

Status

Original: In Progress [ 3 ]

New: Open [ 1 ]

Daniel Heid made changes - 2017-11-02 18:25

Resolution		New: Fixed [ 1 ]
Status	Original: Open [ 1 ]	New: Closed [ 6 ]

Daniel Heid made changes - 2017-11-02 18:57

Assignee

Original: Gregory Boissinot [ gbois ]

New: Daniel Heid [ dheid ]

Load more newer events