Description
A sandbox bypass vulnerability in Jenkins Pipeline: Deprecated Groovy Libraries Plugin 583.vf3b_454e43966 and earlier allows attackers with permission to define untrusted Pipeline libraries and to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.
Remediation
References
http://www.openwall.com/lists/oss-security/2022/10/19/3
https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20%282%29