Description
Sandbox protection in Jenkins Script Security Plugin 1.69 and earlier could be circumvented during the script compilation phase by applying AST-transforming annotations to imports or by using them inside other annotations.
Remediation
References
http://www.openwall.com/lists/oss-security/2020/02/12/3
https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1713