Description
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.74 and earlier allows attackers with permission to define sandboxed scripts to provide crafted return values or script binding content that can result in arbitrary code execution on the Jenkins controller JVM.
References
http://www.openwall.com/lists/oss-security/2020/09/23/1
https://www.jenkins.io/security/advisory/2020-09-23/#SECURITY-2020
Related Vulnerabilities
CVE-2022-31198 Vulnerability in maven package org.webjars.npm:openzeppelin__contracts-upgradeable
CVE-2022-29161 Vulnerability in maven package org.xwiki.platform:xwiki-platform-crypto
CVE-2016-2175 Vulnerability in maven package org.apache.pdfbox:jempbox
CVE-2022-41937 Vulnerability in maven package org.xwiki.platform:xwiki-platform-filter-ui
CVE-2021-38294 Vulnerability in maven package org.apache.storm:storm-server