Description

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of method pointer expressions allowed attackers to execute arbitrary code in sandboxed scripts.

Remediation

References

http://www.openwall.com/lists/oss-security/2019/07/31/1

https://access.redhat.com/errata/RHSA-2019:2594

https://access.redhat.com/errata/RHSA-2019:2651

https://access.redhat.com/errata/RHSA-2019:2662

https://jenkins.io/security/advisory/2019-07-31/#SECURITY-1465%20%282%29

Related Vulnerabilities

CVE-2023-43495 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2023-47323 Vulnerability in maven package org.silverpeas.core:silverpeas-core-web

CVE-2023-35142 Vulnerability in maven package com.checkmarx.jenkins:checkmarx

CVE-2021-23900 Vulnerability in maven package com.mikesamuel:json-sanitizer

CVE-2020-19697 Vulnerability in maven package org.webjars.bowergithub.pandao:editor.md

Severity

Critical

Classification

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Mailing List Third Party Advisory NVD-CWE-noinfo