Description
Jenkins Speaks! Plugin, all current versions, allows users with Job/Configure permission to run arbitrary Groovy code inside the Jenkins JVM, effectively elevating privileges to Overall/Run Scripts.
Remediation
References
https://jenkins.io/security/advisory/2017-10-11/
Related Vulnerabilities
CVE-2020-11971 Vulnerability in maven package org.apache.camel:camel-core
CVE-2023-29215 Vulnerability in maven package org.apache.linkis:linkis-metadata-query-service-jdbc
CVE-2013-2055 Vulnerability in maven package org.apache.wicket:wicket
CVE-2020-11973 Vulnerability in maven package org.apache.camel:camel-netty
CVE-2019-10364 Vulnerability in maven package org.jenkins-ci.plugins:ec2