Description
Jenkins Puppet Enterprise Pipeline 1.3.1 and earlier specifies unsafe values in its custom Script Security whitelist, allowing attackers able to execute Script Security protected scripts to execute arbitrary code.
Remediation
References
https://jenkins.io/security/advisory/2019-10-16/#SECURITY-918
Related Vulnerabilities
CVE-2023-46242 Vulnerability in maven package org.xwiki.platform:xwiki-platform-oldcore
CVE-2023-40185 Vulnerability in npm package shescape
CVE-2019-10449 Vulnerability in maven package org.jenkins-ci.plugins:fortify-on-demand-uploader
CVE-2017-7669 Vulnerability in maven package org.apache.hadoop:hadoop-common
CVE-2022-41234 Vulnerability in maven package org.jenkins-ci.plugins:rundeck