Description
Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin provides a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/09/25/3
https://jenkins.io/security/advisory/2019-09-25/#SECURITY-920%20%281%29
Related Vulnerabilities
CVE-2019-13127 Vulnerability in maven package org.webjars.bowergithub.jgraph:mxgraph
CVE-2021-23797 Vulnerability in npm package http-server-node
CVE-2020-8244 Vulnerability in npm package bl
CVE-2022-25760 Vulnerability in npm package accesslog
CVE-2021-29505 Vulnerability in maven package com.thoughtworks.xstream:xstream