Description

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.67 and earlier related to the handling of default parameter expressions in closures allowed attackers to execute arbitrary code in sandboxed scripts.

Remediation

References

https://jenkins.io/security/advisory/2019-11-21/#SECURITY-1658

http://www.openwall.com/lists/oss-security/2019/11/21/1

Related Vulnerabilities

CVE-2023-45648 Vulnerability in maven package org.apache.tomcat:tomcat-coyote

CVE-2023-50728 Vulnerability in npm package probot

CVE-2023-24442 Vulnerability in maven package org.jenkins-ci.plugins:github-pr-coverage-status

CVE-2020-1724 Vulnerability in maven package org.keycloak:keycloak-services

CVE-2023-42276 Vulnerability in maven package cn.hutool:hutool-json

Severity

Critical

Classification

CWE-863 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Vendor Advisory Mailing List Third Party Advisory