Description
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of method pointer expressions allowed attackers to execute arbitrary code in sandboxed scripts.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/07/31/1
https://access.redhat.com/errata/RHSA-2019:2594
https://access.redhat.com/errata/RHSA-2019:2651
https://access.redhat.com/errata/RHSA-2019:2662
https://jenkins.io/security/advisory/2019-07-31/#SECURITY-1465%20%282%29
Related Vulnerabilities
CVE-2019-0195 Vulnerability in maven package org.apache.tapestry:tapestry-core
CVE-2023-31581 Vulnerability in maven package com.usthe.sureness:sureness-core
CVE-2022-0686 Vulnerability in npm package url-parse
CVE-2019-10241 Vulnerability in maven package org.eclipse.jetty.aggregate:jetty-all-server
CVE-2023-37259 Vulnerability in npm package matrix-react-sdk