Description
Jenkins Script Security Plugin 1189.vb_a_b_7c8fd5fde and earlier stores whole-script approvals as the SHA-1 hash of the script, making it vulnerable to collision attacks.
Remediation
References
https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2564
http://www.openwall.com/lists/oss-security/2022/11/15/4