Description
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.64 and earlier related to the handling of default parameter expressions in constructors allowed attackers to execute arbitrary code in sandboxed scripts.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/10/01/2
https://access.redhat.com/errata/RHSA-2019:4055
https://access.redhat.com/errata/RHSA-2019:4089
https://access.redhat.com/errata/RHSA-2019:4097
https://jenkins.io/security/advisory/2019-10-01/#SECURITY-1579
Related Vulnerabilities
CVE-2021-41182 Vulnerability in maven package org.webjars.bower:jquery-ui
CVE-2021-31405 Vulnerability in maven package com.vaadin:vaadin-text-field-flow
CVE-2020-13943 Vulnerability in maven package org.apache.tomcat:tomcat-coyote
CVE-2019-10318 Vulnerability in maven package org.jenkins-ci.plugins:azure-ad
CVE-2021-39157 Vulnerability in npm package detect-character-encoding