Description

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.74 and earlier allows attackers with permission to define sandboxed scripts to provide crafted return values or script binding content that can result in arbitrary code execution on the Jenkins controller JVM.

Remediation

References

http://www.openwall.com/lists/oss-security/2020/09/23/1

https://www.jenkins.io/security/advisory/2020-09-23/#SECURITY-2020

Related Vulnerabilities

CVE-2022-25646 Vulnerability in npm package x-data-spreadsheet

CVE-2019-16777 Vulnerability in npm package npm

CVE-2019-8331 Vulnerability in npm package bootstrap

CVE-2020-28447 Vulnerability in npm package xopen

CVE-2022-3171 Vulnerability in maven package com.google.protobuf:protobuf-kotlin-lite

Severity

Critical

Classification

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Tags

Third Party Advisory Vendor Advisory NVD-CWE-noinfo