admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

- Synchronized data.

Browse Source
This commit is contained in:
CVE Team 2018-01-25 13:02:41 -05:00
parent 6832f246a9
commit 3eef94b7e8
No known key found for this signature in database
GPG Key ID: 3504EC0FB4B2FE56
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
2017/1000xxx/CVE-2017-1000505.json
View File

@ -36,7 +36,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "In Jenkins Script Security Plugin version 1.36 and earlier users with the ability to configure sandboxed Groovy scripts are able to use a type coercion feature in Groovy to create new `File` objects from strings. This allowed reading arbitrary files on the Jenkins master file system. Such a type coercion is now subject to sandbox protection and considered to be a call to the `new File(String)` constructor for the purpose of in-process script approval."
"value" : "In Jenkins Script Security Plugin version 1.36 and earlier, users with the ability to configure sandboxed Groovy scripts are able to use a type coercion feature in Groovy to create new `File` objects from strings. This allowed reading arbitrary files on the Jenkins master file system. Such a type coercion is now subject to sandbox protection and considered to be a call to the `new File(String)` constructor for the purpose of in-process script approval."
}
]
},