Description
The Pipeline: Classpath Step plugin for Jenkins enables a bypass of the Script Security sandbox by users with SCM commit access, as well as by users with, e.g., Job/Configure permission in Jenkins.
Remediation
References
http://www.securityfocus.com/bid/96981
https://jenkins.io/security/advisory/2017-03-20/