CVE-2019-16538 Vulnerability in maven package org.jenkins-ci.plugins:script-security

Description

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.67 and earlier related to the handling of default parameter expressions in closures allowed attackers to execute arbitrary code in sandboxed scripts.

Remediation

References

http://www.openwall.com/lists/oss-security/2019/11/21/1

https://jenkins.io/security/advisory/2019-11-21/#SECURITY-1658

Related Vulnerabilities

CVE-2020-2296 Vulnerability in maven package org.jenkins-ci.plugins:shared-objects

CVE-2019-1003057 Vulnerability in maven package org.jenkins-ci.plugins:bitbucket-approve

CVE-2020-5258 Vulnerability in maven package org.webjars.bowergithub.dojo:dojo

CVE-2019-10184 Vulnerability in maven package io.undertow:undertow-servlet

CVE-2020-13942 Vulnerability in maven package org.apache.unomi:unomi-kar

Severity

Critical

Classification

CWE-863 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H