Description
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of method pointer expressions allowed attackers to execute arbitrary code in sandboxed scripts.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/07/31/1
https://access.redhat.com/errata/RHSA-2019:2651
https://access.redhat.com/errata/RHSA-2019:2594
https://access.redhat.com/errata/RHSA-2019:2662
https://jenkins.io/security/advisory/2019-07-31/#SECURITY-1465%20%282%29
Related Vulnerabilities
CVE-2022-43421 Vulnerability in maven package org.jenkins-ci.plugins:tuleap-git-branch-source
CVE-2020-26237 Vulnerability in npm package highlight.js
CVE-2023-36479 Vulnerability in maven package org.eclipse.jetty.ee10:jetty-ee10-servlets
CVE-2023-39410 Vulnerability in maven package org.apache.avro:avro
CVE-2020-26274 Vulnerability in npm package systeminformation