Description

Sandbox protection in Jenkins Script Security Plugin 1.69 and earlier could be circumvented during the script compilation phase by applying AST transforming annotations to imports or by using them inside of other annotations.

Remediation

References

https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1713

http://www.openwall.com/lists/oss-security/2020/02/12/3

Related Vulnerabilities

CVE-2022-36067 Vulnerability in npm package vm2

CVE-2022-34184 Vulnerability in maven package org.jenkins-ci.plugins:crx-content-package-deployer

CVE-2021-32853 Vulnerability in npm package erxes

CVE-2020-13942 Vulnerability in maven package org.apache.unomi:unomi-common

CVE-2018-1000114 Vulnerability in maven package org.jenkins-ci.plugins:promoted-builds

Severity

Critical

Classification

CWE-20 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Vendor Advisory Mailing List Third Party Advisory