Description
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.74 and earlier allows attackers with permission to define sandboxed scripts to provide crafted return values or script binding content that can result in arbitrary code execution on the Jenkins controller JVM.
Remediation
References
http://www.openwall.com/lists/oss-security/2020/09/23/1
https://www.jenkins.io/security/advisory/2020-09-23/#SECURITY-2020