Lucene search
GoogleOSV:GHSA-QVHF-3567-PC4VHistoryMay 24, 2022 - 5:10 p.m.
Sandbox bypass vulnerability in Script Security Plugin
2022-05-2417:10:27
Google
osv.dev
11
script security plugin
sandbox bypass
arbitrary code execution
jenkins controller.
EPSS
0.001
Percentile
42.8%
Sandbox protection in Script Security Plugin 1.70 and earlier can be circumvented through:\n- Crafted constructor calls and bodies (due to an incomplete fix of SECURITY-582)
- Crafted method calls on objects that implement
GroovyInterceptable
This allows attackers able to specify and run sandboxed scripts to execute arbitrary code in the context of the Jenkins controller JVM.
Script Security Plugin 1.71 has additional restrictions and sanity checks to ensure that super constructors cannot be constructed without being intercepted by the sandbox. In addition, it also intercepts method calls on objects that implement GroovyInterceptable as calls to GroovyObject#invokeMethod(String, Object), which is on the list of dangerous signatures and should not be approved for use in the sandbox.
Related
nvd
nvd
CVE-2020-2135
2020-03-09 16:15:12
redhatcve
redhatcve
CVE-2020-2135
2020-03-31 08:47:53
veracode
veracode
Remote Code Execution (RCE)
2020-06-19 03:53:37
osv
osv
CVE-2020-2135
2020-03-09 16:15:12
cvelist
cvelist
CVE-2020-2135
2020-03-09 15:00:56
prion
prion
Design/Logic Flaw
2020-03-09 16:15:00
cve
cve
CVE-2020-2135
2020-03-09 16:15:12
github
github
Sandbox bypass vulnerability in Script Security Plugin
2022-05-24 17:10:27
redhat
redhat
nessus
nessus