Description
It was found that the use of Pipeline: Classpath Step Jenkins plugin enables a bypass of the Script Security sandbox for users with SCM commit access, as well as users with e.g. Job/Configure permission in Jenkins.
Remediation
References
http://www.securityfocus.com/bid/96981
https://jenkins.io/security/advisory/2017-03-20/
Related Vulnerabilities
CVE-2021-41862 Vulnerability in maven package com.googlecode.aviator:aviator
CVE-2016-10619 Vulnerability in npm package pennyworth
CVE-2015-2912 Vulnerability in maven package com.orientechnologies:orientdb-core
CVE-2023-45648 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core
CVE-2019-10768 Vulnerability in maven package org.webjars.bower:angular