Description
A sandbox bypass vulnerability in Jenkins Splunk Plugin 1.7.4 and earlier allowed attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM.
Remediation
References
https://jenkins.io/security/advisory/2019-08-28/#SECURITY-1294
http://www.openwall.com/lists/oss-security/2019/08/28/4
Related Vulnerabilities
CVE-2023-45143 Vulnerability in npm package undici
CVE-2020-7961 Vulnerability in maven package com.liferay.portal:portal-impl
CVE-2023-47324 Vulnerability in maven package org.silverpeas.core:silverpeas-core-api
CVE-2023-49620 Vulnerability in maven package org.apache.dolphinscheduler:dolphinscheduler-dao
CVE-2023-31098 Vulnerability in maven package org.apache.inlong:manager-pojo