Description
Sandbox protection in Jenkins Script Security Plugin 1.69 and earlier could be circumvented during the script compilation phase by applying AST transforming annotations to imports or by using them inside of other annotations.
Remediation
References
http://www.openwall.com/lists/oss-security/2020/02/12/3
https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1713