Description
Sandbox protection in Jenkins Script Security Plugin 1.69 and earlier could be circumvented during the script compilation phase by applying AST transforming annotations to imports or by using them inside of other annotations.
Remediation
References
http://www.openwall.com/lists/oss-security/2020/02/12/3
https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1713