Description

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.74 and earlier allows attackers with permission to define sandboxed scripts to provide crafted return values or script binding content that can result in arbitrary code execution on the Jenkins controller JVM.

Remediation

References

http://www.openwall.com/lists/oss-security/2020/09/23/1

https://www.jenkins.io/security/advisory/2020-09-23/#SECURITY-2020

Related Vulnerabilities

CVE-2014-10068 Vulnerability in npm package inert

CVE-2020-13959 Vulnerability in maven package org.apache.velocity.tools:velocity-tools-view

CVE-2013-7378 Vulnerability in npm package hubot-scripts

CVE-2020-5259 Vulnerability in maven package org.webjars.npm:dojox

CVE-2022-24881 Vulnerability in maven package com.hccake:ballcat-codegen

Severity

Critical

Classification

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Tags

Third Party Advisory Vendor Advisory NVD-CWE-noinfo