Description

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of method pointer expressions allowed attackers to execute arbitrary code in sandboxed scripts.

Remediation

References

http://www.openwall.com/lists/oss-security/2019/07/31/1

https://access.redhat.com/errata/RHSA-2019:2594

https://access.redhat.com/errata/RHSA-2019:2651

https://access.redhat.com/errata/RHSA-2019:2662

https://jenkins.io/security/advisory/2019-07-31/#SECURITY-1465%20%282%29

Related Vulnerabilities

CVE-2021-23411 Vulnerability in npm package anchorme

CVE-2020-10992 Vulnerability in maven package com.linkedin.azkaban:azkaban-common

CVE-2022-41713 Vulnerability in maven package org.webjars.npm:deep-object-diff

CVE-2023-39155 Vulnerability in maven package org.jenkins-ci.plugins:chef-identity

CVE-2023-49653 Vulnerability in maven package org.jenkins-ci.plugins:jira

Severity

Critical

Classification

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Mailing List Third Party Advisory NVD-CWE-noinfo