Description

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.67 and earlier related to the handling of default parameter expressions in closures allowed attackers to execute arbitrary code in sandboxed scripts.

Remediation

References

http://www.openwall.com/lists/oss-security/2019/11/21/1

https://jenkins.io/security/advisory/2019-11-21/#SECURITY-1658

Related Vulnerabilities

CVE-2019-16777 Vulnerability in maven package org.webjars.bower:npm

CVE-2017-9735 Vulnerability in maven package org.eclipse.jetty:jetty-util

CVE-2019-1003045 Vulnerability in maven package de.eacg:ecs-publisher

CVE-2023-24807 Vulnerability in maven package org.webjars.npm:undici

CVE-2022-33682 Vulnerability in maven package org.apache.pulsar:pulsar-broker

Severity

Critical

Classification

CWE-863 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Mailing List Third Party Advisory Vendor Advisory