Description
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.74 and earlier allows attackers with permission to define sandboxed scripts to provide crafted return values or script binding content that can result in arbitrary code execution on the Jenkins controller JVM.
Remediation
References
http://www.openwall.com/lists/oss-security/2020/09/23/1
https://www.jenkins.io/security/advisory/2020-09-23/#SECURITY-2020