CVE-2020-2110

CVSS v3.1 8.8 (High)

CVSS v2.0 6.5 (Medium)

EPSS 0.11 % (44^th)

Affected Products 1

Advisories 2

Sandbox protection in Jenkins Script Security Plugin 1.69 and earlier could be circumvented during the script compilation phase by applying AST transforming annotations to imports or by using them inside of other annotations.

Weaknesses

CWE-20: Improper Input Validation

CVE Status: PUBLISHED
CNA: Jenkins Project
Published Date: 2020-02-12 15:15:12
(4 years ago)
Updated Date: 2023-10-25 18:16:29
(10 months ago)

Affected Products

Jenkins

Script Security

Configuration #1

		CPE23	From	Up To
	Jenkins Script Security for Jenkins 1.69 and prior versions	cpe:2.3:a:jenkins:script_security::::::jenkins		<= 1.69