Sandbox bypass vulnerability in Jenkins Script Security Plugin

2022-05-2416:55:59

Google

osv.dev

7.3 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

21.9%

JSON

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of property names in property expressions on the left-hand side of assignment expressions allowed attackers to execute arbitrary code in sandboxed scripts.

CPENameOperatorVersion
org.jenkins-ci.plugins:script-securityeq1.17
org.jenkins-ci.plugins:script-securityeq1.21
org.jenkins-ci.plugins:script-securityeq1.31
org.jenkins-ci.plugins:script-securityeq1.49
org.jenkins-ci.plugins:script-securityeq1.9
org.jenkins-ci.plugins:script-securityeq1.37
org.jenkins-ci.plugins:script-securityeq1.56
org.jenkins-ci.plugins:script-securityeq1.10
org.jenkins-ci.plugins:script-securityeq1.57.1
org.jenkins-ci.plugins:script-securityeq1.62

Name	Operator	Version
org.jenkins-ci.plugins:script-security	eq	1.17
org.jenkins-ci.plugins:script-security	eq	1.21
org.jenkins-ci.plugins:script-security	eq	1.31
org.jenkins-ci.plugins:script-security	eq	1.49
org.jenkins-ci.plugins:script-security	eq	1.9
org.jenkins-ci.plugins:script-security	eq	1.37
org.jenkins-ci.plugins:script-security	eq	1.56
org.jenkins-ci.plugins:script-security	eq	1.10
org.jenkins-ci.plugins:script-security	eq	1.57.1
org.jenkins-ci.plugins:script-security	eq	1.62