Description
The Script Security plugin before 1.18.1 in Jenkins might allow remote attackers to bypass a Groovy sandbox protection mechanism via a plugin that performs (1) direct field access or (2) get/set array operations.
Remediation
References
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-04-11
Related Vulnerabilities
CVE-2023-29527 Vulnerability in maven package org.xwiki.platform:xwiki-platform-appwithinminutes-ui
CVE-2019-10448 Vulnerability in maven package jenkins.xtc:extensivetesting
CVE-2014-0109 Vulnerability in maven package org.apache.cxf:cxf-bundle-jaxrs
CVE-2013-5855 Vulnerability in maven package org.glassfish:javax.faces
CVE-2018-5158 Vulnerability in maven package org.webjars.npm:pdfjs-dist