Description

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.74 and earlier allows attackers with permission to define sandboxed scripts to provide crafted return values or script binding content that can result in arbitrary code execution on the Jenkins controller JVM.

Remediation

References

http://www.openwall.com/lists/oss-security/2020/09/23/1

https://www.jenkins.io/security/advisory/2020-09-23/#SECURITY-2020

Related Vulnerabilities

CVE-2020-7726 Vulnerability in npm package safe-object2

CVE-2021-31407 Vulnerability in maven package com.vaadin:flow-server

CVE-2020-15228 Vulnerability in npm package @actions/core

CVE-2021-4329 Vulnerability in maven package org.webjars.npm:json-logic-js

CVE-2019-10244 Vulnerability in maven package org.eclipse.kura:kura

Severity

Critical

Classification

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Tags

Third Party Advisory Vendor Advisory NVD-CWE-noinfo