Description
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier, related to the handling of subexpressions in increment and decrement expressions not involving actual assignment, allowed attackers to execute arbitrary code in sandboxed scripts.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/09/12/2
https://jenkins.io/security/advisory/2019-09-12/#SECURITY-1538
Related Vulnerabilities
CVE-2019-10362 Vulnerability in maven package io.jenkins:configuration-as-code
CVE-2022-36095 Vulnerability in maven package org.xwiki.platform:xwiki-platform-web-templates
CVE-2021-25864 Vulnerability in npm package node-red-contrib-huemagic
CVE-2022-43427 Vulnerability in maven package com.compuware.jenkins:compuware-topaz-for-total-test
CVE-2022-36894 Vulnerability in maven package org.jenkins-ci.plugins:clif-performance-testing