Description

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of method pointer expressions allowed attackers to execute arbitrary code in sandboxed scripts.

Remediation

References

http://www.openwall.com/lists/oss-security/2019/07/31/1

https://access.redhat.com/errata/RHSA-2019:2594

https://access.redhat.com/errata/RHSA-2019:2651

https://access.redhat.com/errata/RHSA-2019:2662

https://jenkins.io/security/advisory/2019-07-31/#SECURITY-1465%20%282%29

Related Vulnerabilities

CVE-2019-16557 Vulnerability in maven package com.redgate.plugins.redgatesqlci:redgate-sql-ci

CVE-2022-4742 Vulnerability in maven package org.webjars.npm:json-pointer

CVE-2020-28448 Vulnerability in npm package multi-ini

CVE-2024-4367 Vulnerability in maven package org.webjars.bower:pdfjs-dist

CVE-2021-43795 Vulnerability in maven package com.linecorp.armeria:armeria

Severity

Critical

Classification

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Mailing List Third Party Advisory NVD-CWE-noinfo