Description
Sandbox protection in Jenkins Script Security Plugin 1.69 and earlier could be circumvented during the script compilation phase by applying AST-transforming annotations to imports or by using them inside other annotations.
Remediation
References
http://www.openwall.com/lists/oss-security/2020/02/12/3
https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1713
Related Vulnerabilities
CVE-2020-28446 Vulnerability in npm package ntesseract
CVE-2022-24375 Vulnerability in npm package node-opcua
CVE-2019-1003073 Vulnerability in maven package org.jenkins-ci.plugins:vsts-cd
CVE-2021-27515 Vulnerability in maven package org.webjars.npm:url-parse
CVE-2020-6462 Vulnerability in maven package org.webjars.npm:electron