Description
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier, related to the handling of subexpressions in increment and decrement expressions that do not involve actual assignment, allowed attackers to execute arbitrary code in sandboxed scripts.
Remediation
References
https://jenkins.io/security/advisory/2019-09-12/#SECURITY-1538
http://www.openwall.com/lists/oss-security/2019/09/12/2