[MAVEN:GHSA-72GX-QQ2M-6XR2] Improper Control of Generation of Code in Jenkins Script Security Plugin

Severity Critical
Affected Packages 1
Fixed Packages 1
CVEs 1

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.64 and earlier, related to the handling of default parameter expressions in constructors, allowed attackers to execute arbitrary code in sandboxed scripts.

Package: pkg:maven/org.jenkins-ci.plugins/script-security
Affected Version: <= 1.64
ID: MAVEN:GHSA-72GX-QQ2M-6XR2
Severity: critical
URL: https://github.com/advisories/GHSA-72gx-qq2m-6xr2
Published: 2022-05-24T16:57:28 (2 years ago)
Modified: 2023-10-26T18:53:31 (10 months ago)
Rights: Maven Security Team
Other Advisories
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:maven/org.jenkins-ci.plugins/script-security | org.jenkins-ci.plugins | script-security | <= 1.64 | | | |
| Fixed | pkg:maven/org.jenkins-ci.plugins/script-security | org.jenkins-ci.plugins | script-security | = 1.65 | | | |