Description
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.74 and earlier allows attackers with permission to define sandboxed scripts to provide crafted return values or script binding content that can result in arbitrary code execution on the Jenkins controller JVM.
Remediation
References
https://www.jenkins.io/security/advisory/2020-09-23/#SECURITY-2020
http://www.openwall.com/lists/oss-security/2020/09/23/1