Description

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of method pointer expressions allowed attackers to execute arbitrary code in sandboxed scripts.

Remediation

References

http://www.openwall.com/lists/oss-security/2019/07/31/1

https://access.redhat.com/errata/RHSA-2019:2594

https://access.redhat.com/errata/RHSA-2019:2651

https://access.redhat.com/errata/RHSA-2019:2662

https://jenkins.io/security/advisory/2019-07-31/#SECURITY-1465%20%282%29

Related Vulnerabilities

CVE-2023-26269 Vulnerability in maven package org.apache.james:james-server-guice-jmx

CVE-2019-0187 Vulnerability in maven package org.apache.jmeter:apachejmeter_core

CVE-2020-2188 Vulnerability in maven package org.jenkins-ci.plugins:ec2

CVE-2021-41182 Vulnerability in maven package org.webjars.bowergithub.jquery:jquery-ui

CVE-2021-4307 Vulnerability in maven package org.webjars.bower:baobab

Severity

Critical

Classification

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Mailing List Third Party Advisory NVD-CWE-noinfo