Description

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of method pointer expressions allowed attackers to execute arbitrary code in sandboxed scripts.

Remediation

References

http://www.openwall.com/lists/oss-security/2019/07/31/1

https://access.redhat.com/errata/RHSA-2019:2594

https://access.redhat.com/errata/RHSA-2019:2651

https://access.redhat.com/errata/RHSA-2019:2662

https://jenkins.io/security/advisory/2019-07-31/#SECURITY-1465%20%282%29

Related Vulnerabilities

CVE-2022-23437 Vulnerability in maven package xerces:xercesimpl

CVE-2021-25930 Vulnerability in maven package org.opennms:opennms-webapp

CVE-2020-2295 Vulnerability in maven package org.jkva.maven-plugins:cascading-release-maven-plugin

CVE-2023-39155 Vulnerability in maven package org.jenkins-ci.plugins:chef-identity

CVE-2022-0722 Vulnerability in maven package org.webjars.npm:parse-url

Severity

Critical

Classification

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Mailing List Third Party Advisory NVD-CWE-noinfo