CVE-2020-2279

9.9CRITICAL

Key Information:

Vendor: Jenkins
Status: Jenkins Script Security Plugin
Vendor: CVE Published:; 23 September 2020

Summary

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.74 and earlier allows attackers with permission to define sandboxed scripts to provide crafted return values or script binding content that can result in arbitrary code execution on the Jenkins controller JVM.

Affected Version(s)

Jenkins Script Security Plugin <= 1.74

Jenkins Script Security Plugin 1.66.5

References

https://www.jenkins.io/security/advisory/2020-09-23/#SECU...

x_refsource_CONFIRM

http://www.openwall.com/lists/oss-security/2020/09/23/1

mailing-listx_refsource_MLIST

CVSS V3.1

Score:

9.9

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Sep 23, 2020
Vulnerability Reserved
Dec 5, 2019