Description
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.74 and earlier allows attackers with permission to define sandboxed scripts to provide crafted return values or script binding content that can result in arbitrary code execution on the Jenkins controller JVM.
Remediation
References
http://www.openwall.com/lists/oss-security/2020/09/23/1
https://www.jenkins.io/security/advisory/2020-09-23/#SECURITY-2020
Related Vulnerabilities
CVE-2020-7726 Vulnerability in npm package safe-object2
CVE-2021-31407 Vulnerability in maven package com.vaadin:flow-server
CVE-2020-15228 Vulnerability in npm package @actions/core
CVE-2021-4329 Vulnerability in maven package org.webjars.npm:json-logic-js
CVE-2019-10244 Vulnerability in maven package org.eclipse.kura:kura