Description
Sandbox protection in Jenkins Script Security Plugin 1.69 and earlier could be circumvented during the script compilation phase by applying AST transforming annotations to imports or by using them inside of other annotations.
Remediation
References
https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1713
http://www.openwall.com/lists/oss-security/2020/02/12/3
Related Vulnerabilities
CVE-2017-15683 Vulnerability in maven package org.craftercms:crafter-studio
CVE-2023-29515 Vulnerability in maven package org.xwiki.platform:xwiki-platform-appwithinminutes-ui
CVE-2023-27479 Vulnerability in maven package org.xwiki.platform:xwiki-platform-panels-ui
CVE-2019-0233 Vulnerability in maven package org.apache.struts:struts2-core