Description
A sandbox bypass vulnerability involving map constructors in Jenkins Script Security Plugin 1228.vd93135a_2fb_25 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.
Remediation
References
https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-3016