Sandbox Bypass Vulnerability in Jenkins Script Security Plugin by Jenkins
CVE-2019-16538

8.8HIGH

Key Information:

Vendor: Jenkins
Status: Jenkins Script Security Plugin
Vendor: CVE Published:; 21 November 2019

Summary

A vulnerability in the Jenkins Script Security Plugin allows attackers to bypass sandbox restrictions through improper handling of default parameter expressions in closures. This flaw can enable unauthorized execution of arbitrary code within sandboxed environments, posing significant security risks to systems using affected versions of the plugin. Users are advised to upgrade to the latest version to mitigate this risk.

Affected Version(s)

Jenkins Script Security Plugin 1.67 and earlier

References

https://jenkins.io/security/advisory/2019-11-21/#SECURITY...

x_refsource_CONFIRM

http://www.openwall.com/lists/oss-security/2019/11/21/1

mailing-listx_refsource_MLIST

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 21, 2019
Vulnerability Reserved
Sep 20, 2019