Description
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of type casts allowed attackers to execute arbitrary code in sandboxed scripts.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/07/31/1
https://access.redhat.com/errata/RHSA-2019:2651
https://access.redhat.com/errata/RHSA-2019:2594
https://access.redhat.com/errata/RHSA-2019:2662
https://jenkins.io/security/advisory/2019-07-31/#SECURITY-1465%20%281%29
Related Vulnerabilities
CVE-2021-37701 Vulnerability in npm package tar
CVE-2023-42794 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core
CVE-2023-3224 Vulnerability in npm package nuxt
CVE-2019-10313 Vulnerability in maven package org.jenkins-ci.plugins:twitter
CVE-2020-13957 Vulnerability in maven package org.apache.solr:solr-core