Description
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.74 and earlier allows attackers with permission to define sandboxed scripts to provide crafted return values or script binding content that can result in arbitrary code execution on the Jenkins controller JVM.
Remediation
References
http://www.openwall.com/lists/oss-security/2020/09/23/1
https://www.jenkins.io/security/advisory/2020-09-23/#SECURITY-2020