Description
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.64 and earlier, related to the handling of default parameter expressions in constructors, allowed attackers to execute arbitrary code in sandboxed scripts.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/10/01/2
https://access.redhat.com/errata/RHSA-2019:4055
https://access.redhat.com/errata/RHSA-2019:4089
https://access.redhat.com/errata/RHSA-2019:4097
https://jenkins.io/security/advisory/2019-10-01/#SECURITY-1579