Description
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.67 and earlier related to the handling of default parameter expressions in closures allowed attackers to execute arbitrary code in sandboxed scripts.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/11/21/1
https://jenkins.io/security/advisory/2019-11-21/#SECURITY-1658
Related Vulnerabilities
CVE-2019-16777 Vulnerability in maven package org.webjars.bower:npm
CVE-2017-9735 Vulnerability in maven package org.eclipse.jetty:jetty-util
CVE-2019-1003045 Vulnerability in maven package de.eacg:ecs-publisher
CVE-2023-24807 Vulnerability in maven package org.webjars.npm:undici
CVE-2022-33682 Vulnerability in maven package org.apache.pulsar:pulsar-broker