{ "affected": [ { "ranges": [ { "database_specific": { "versions": [ { "introduced": "0" }, { "last_affected": "1.0" }, { "introduced": "0" }, { "last_affected": "1.1" }, { "introduced": "0" }, { "last_affected": "1.2" }, { "introduced": "0" }, { "last_affected": "1.3" }, { "introduced": "0" }, { "last_affected": "1.4" }, { "introduced": "0" }, { "last_affected": "1.5" }, { "introduced": "0" }, { "last_affected": "1.6" }, { "introduced": "0" }, { "last_affected": "1.7" }, { "introduced": "0" }, { "last_affected": "1.8" }, { "introduced": "0" }, { "last_affected": "1.9" }, { "introduced": "0" }, { "last_affected": "1.10" }, { "introduced": "0" }, { "last_affected": "1.11" }, { "introduced": "0" }, { "last_affected": "1.12" }, { "introduced": "0" }, { "last_affected": "1.13" }, { "introduced": "0" }, { "last_affected": "1.14" }, { "introduced": "0" }, { "last_affected": "1.15" }, { "introduced": "0" }, { "last_affected": "1.16" }, { "introduced": "0" }, { "last_affected": "1.17" }, { "introduced": "0" }, { "last_affected": "1.18" } ] }, "events": [ { "introduced": "0" }, { "last_affected": "acc9ebe61a89792e7654fa30f52b7ef788f31f21" }, { "introduced": "0" }, { "last_affected": "d10091f6d8a131babce5ef529c91ee7ef6d7ae4f" }, { "introduced": "0" }, { "last_affected": "dba1b42d46520448f3ff1a9efd24a5258c8f6982" }, { "introduced": "0" }, { "last_affected": "8e2b7e9675ec4efc04eeacf100360930572bfe8d" }, { "introduced": "0" }, { "last_affected": "086e6cc787354646e1ef2b83eab20747746c4be1" }, { "introduced": "0" }, { "last_affected": "5fd61755d1a4f136d9503a2120c8364b60d3a5c1" }, { "introduced": "0" }, { "last_affected": "eb38c2d9caefdc0d09a8eccea8e31fac7e55ac27" }, { "introduced": "0" }, { "last_affected": "9d3eb5592ac2573bc6bdc7916a5a394cde39d08b" }, { "introduced": "0" }, { "last_affected": "10511ba9e324fa9116b33e3482c2e7e5288b217b" }, { "introduced": "0" }, { "last_affected": "6ea702198969397e05dcbc2d12023e3608952fbb" }, { "introduced": "0" }, { "last_affected": "10c5625f8e930098068dcca40763dc5c9c0ad052" }, { "introduced": "0" }, { "last_affected": "1fe2bedf7a3efac25d3328a48dac1ae802b7a806" }, { "introduced": "0" }, { "last_affected": "d69a95f282cae0aafbffc39cbaa02f237f773171" }, { "introduced": "0" }, { "last_affected": "1544de66f855734b96df34c4499bf1d4b813ba6e" }, { "introduced": "0" }, { "last_affected": "e6313e2fc80dc21faec21aedd9ca1d56711a0b22" }, { "introduced": "0" }, { "last_affected": "5387328481a23e0feab57bd87e68049df5113a1b" }, { "introduced": "0" }, { "last_affected": "29ea1798a6a42bc032c5659fc3f281c7c8af14e8" }, { "introduced": "0" }, { "last_affected": "3ddf1462410d757abe0edbf11d3dffe63f527ff0" }, { "introduced": "0" }, { "last_affected": "36e53d8ea23fa042071252877a74e824a6d314aa" } ], "repo": "https://github.com/jenkinsci/script-security-plugin", "type": "GIT" } ] } ], "details": "The Script Security plugin before 1.18.1 in Jenkins might allow remote attackers to bypass a Groovy sandbox protection mechanism via a plugin that performs (1) direct field access or (2) get/set array operations.", "id": "CVE-2016-3102", "modified": "2026-03-13T21:46:50.100074855Z", "published": "2017-02-09T15:59:01.003Z", "references": [ { "type": "ADVISORY", "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-04-11" } ], "severity": [ { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "type": "CVSS_V3" } ] }