Description
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.67 and earlier related to the handling of default parameter expressions in closures allowed attackers to execute arbitrary code in sandboxed scripts.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/11/21/1
https://jenkins.io/security/advisory/2019-11-21/#SECURITY-1658
Related Vulnerabilities
CVE-2021-20190 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind
CVE-2022-32287 Vulnerability in maven package org.apache.uima:uimaj-core
CVE-2020-28459 Vulnerability in npm package markdown-it-decorate
CVE-2022-40150 Vulnerability in maven package org.codehaus.jettison:jettison
CVE-2022-45381 Vulnerability in maven package org.jenkins-ci.plugins:pipeline-utility-steps