Description
Jenkins Puppet Enterprise Pipeline 1.3.1 and earlier specifies unsafe values in its custom Script Security whitelist. This allows attackers who are able to execute Script Security protected scripts to execute arbitrary code.
Remediation
References
https://jenkins.io/security/advisory/2019-10-16/#SECURITY-918
Related Vulnerabilities
CVE-2018-11775 Vulnerability in maven package org.apache.activemq:activemq-client
CVE-2020-6831 Vulnerability in npm package electron
CVE-2008-0128 Vulnerability in maven package tomcat:catalina
CVE-2020-2133 Vulnerability in maven package com.applatix.jenkins:applatix
CVE-2021-21349 Vulnerability in maven package com.thoughtworks.xstream:xstream