New vulnerability on the NVD: CVE-2017-1000505

In Jenkins Script Security Plugin version 1.36 and earlier, users with the ability to configure sandboxed Groovy scripts are able to use a type coercion feature in Groovy to create new `File` objects from strings. This allowed reading arbitrary files on the Jenkins master file system. Such a type coercion is now subject to sandbox protection and considered to be a call to the `new File(String)` constructor for the purpose of in-process script approval.

Published at: January 25, 2018 at 11:29PM

Comments

Post a Comment

Popular posts from this blog

Detours for Bus Routes 23 and 103 on Saturday, Sept. 3 and Detours for Bus Routes 22, 200, 202, 203, 224, 238, 250 and 251 on Monday, Sept. 5

Bus routes 23 and 103 on detour on Saturday, Sept. 3 from 7 to 11 p.m. during the Dallas GSWS closing ceremony block party at the historic Crossroads on Cedar Springs. Bus routes 22, 200, 202, 203, 224, 238, 250 and 251 will be on detour during the Garland Labor Day Parade on Monday, Sept. 5 from 9 to 11:30 a.m. Reminder: DART buses and light rail will operate on a weekend schedule for the Labor Day holiday on Monday, Sept. 5. More information available at https://ift.tt/lst5vcZ
Read more

DART Announces 2022 Labor Day Schedule

Dallas Area Rapid Transit (DART) will operate on the following schedule for the Labor Day holiday on Monday, September 5. DART Buses and Light Rail: Operating on a weekend schedule. (Route 402 NorthPark Shuttle and Route 883 UTD Comet Cruiser will operate on a Sunday schedule.) The Trinity Railway Express (TRE): No service. DART GoLink: GoLink will operate only in zones that provide Sunday service. These zones include Northwest Dallas, Inland Port, Rylie, West Dallas, North Dallas, North Central Dallas and Park Cities. Service will be unavailable in all other zones. More information available at https://ift.tt/9m8w7MV
Read more

DART Announces Changes to Bus and GoLink Services Beginning Monday, September 26

DART continues to closely monitor both the New Bus Network and evolving GoLink on-demand system to provide prompt response to customer feedback and maintain safe and dependable service. Listed below are routes with a number of improvements and adjustments. Some of these changes have already taken effect or will become effective on Monday, September 26, 2022. For more information about these changes, please visit dart.org/servicechange. Bus Route Changes: Routes 45, 224, 230, 383, 436, 442. Schedule Adjustments: Routes 13, 45, 218, 222, 230, 232 and 235. Bus Bay Modifications: Hatcher Station, Addison Transit Center. GoLink Changes: Keller Springs GoLink, Preston Hollow GoLink
Read more