A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.74 and earlier allows attackers with permission to define sandboxed scripts to provide crafted return values or script binding content that can result in arbitrary code execution on the Jenkins controller JVM.
Advisories
Source ID Title
EUVD EUVD EUVD-2022-3563 A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.74 and earlier allows attackers with permission to define sandboxed scripts to provide crafted return values or script binding content that can result in arbitrary code execution on the Jenkins controller JVM.
Github GHSA Github GHSA GHSA-ccr8-4xr7-cgj3 Sandbox bypass vulnerability in Jenkins Script Security Plugin
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: jenkins

Published:

Updated: 2024-08-04T07:01:41.169Z

Reserved: 2019-12-05T00:00:00

Link: CVE-2020-2279

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-09-23T14:15:13.007

Modified: 2024-11-21T05:25:11.073

Link: CVE-2020-2279

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.