Description
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.67 and earlier, related to the handling of default parameter expressions in closures, allowed attackers to execute arbitrary code in sandboxed scripts.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/11/21/1
https://jenkins.io/security/advisory/2019-11-21/#SECURITY-1658