Description
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.74 and earlier allows attackers with permission to define sandboxed scripts to provide crafted return values or script binding content that can result in arbitrary code execution on the Jenkins controller JVM.
Remediation
References
https://www.jenkins.io/security/advisory/2020-09-23/#SECURITY-2020
http://www.openwall.com/lists/oss-security/2020/09/23/1