Description

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of method pointer expressions allowed attackers to execute arbitrary code in sandboxed scripts.

Remediation

References

http://www.openwall.com/lists/oss-security/2019/07/31/1

https://access.redhat.com/errata/RHSA-2019:2651

https://access.redhat.com/errata/RHSA-2019:2594

https://access.redhat.com/errata/RHSA-2019:2662

https://jenkins.io/security/advisory/2019-07-31/#SECURITY-1465%20%282%29

Related Vulnerabilities

CVE-2022-23307 Vulnerability in maven package org.apache.logging.log4j:log4j

CVE-2023-45280 Vulnerability in maven package org.yamcs:yamcs-core

CVE-2020-2216 Vulnerability in maven package org.jenkins-ci.plugins:zephyr-for-jira-test-management

CVE-2023-42795 Vulnerability in maven package org.apache.tomcat:tomcat-catalina

CVE-2020-9548 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind

Severity

Critical

Classification

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Mailing List Third Party Advisory NVD-CWE-noinfo