Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/org.jenkins-ci.plugins/script-security@1.47
purl pkg:maven/org.jenkins-ci.plugins/script-security@1.47
Next non-vulnerable version 1.48
Latest non-vulnerable version 1368.vb
Risk 4.0
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-2hfm-g99a-67de
Aliases:
CVE-2018-1000865
GHSA-p4p5-3v2j-w5rv
A sandbox bypass vulnerability exists in Script Security Plugin 1.47 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM, if plugins using the Groovy sandbox are installed.
1.48
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-04T14:30:03.220276+00:00 GHSA Importer Affected by VCID-2hfm-g99a-67de https://github.com/advisories/GHSA-p4p5-3v2j-w5rv 38.1.0
2026-04-01T12:48:10.391626+00:00 GitLab Importer Affected by VCID-2hfm-g99a-67de https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jenkins-ci.plugins/script-security/CVE-2018-1000865.yml 38.0.0