Description
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of method pointer expressions allowed attackers to execute arbitrary code in sandboxed scripts.
References (5)
Core References
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2019/07/31/1
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:2651
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:2594
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:2662
Vendor Advisory x_refsource_confirm
https://jenkins.io/security/advisory/2019-07-31/#SECURITY-1465%20%282%29
Scores
CVSS v3
8.8
EPSS
0.0004
EPSS Percentile
12.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
Status
published
Products (4)
jenkins/script_security
< 1.61
org.jenkins-ci.plugins/script-security
0 - 1.62 (Maven)
redhat/openshift_container_platform
3.11
redhat/openshift_container_platform
4.1
Published
Jul 31, 2019
Tracked Since
Feb 18, 2026