Description

Sandbox protection in Jenkins Script Security Plugin 1.69 and earlier could be circumvented during the script compilation phase by applying AST transforming annotations to imports or by using them inside of other annotations.

Remediation

References

https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1713

http://www.openwall.com/lists/oss-security/2020/02/12/3

Related Vulnerabilities

CVE-2019-16558 Vulnerability in maven package com.inflectra.spiratest.plugins:inflectra-spira-integration

CVE-2021-31811 Vulnerability in maven package org.apache.pdfbox:pdfbox

CVE-2023-32695 Vulnerability in npm package socket.io-parser

CVE-2023-45884 Vulnerability in npm package openmct

CVE-2023-26107 Vulnerability in npm package sketchsvg

Severity

Critical

Classification

CWE-20 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Vendor Advisory Mailing List Third Party Advisory