Description
A sandbox bypass vulnerability exists in Jenkins Matrix Project Plugin 1.13 and earlier in pom.xml, src/main/java/hudson/matrix/FilterScript.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM.
Remediation
References
http://www.securityfocus.com/bid/107476
https://access.redhat.com/errata/RHSA-2019:0739
https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1339
Related Vulnerabilities
CVE-2016-4465 Vulnerability in maven package org.apache.struts.xwork:xwork-core
CVE-2018-1337 Vulnerability in maven package org.apache.directory.api:api-ldap-client-api
CVE-2020-7774 Vulnerability in maven package org.webjars.npm:y18n
CVE-2019-1010266 Vulnerability in maven package org.webjars.npm:lodash
CVE-2022-43484 Vulnerability in maven package org.terasoluna.gfw:terasoluna-gfw-common