Return of Pointer Value Outside of Expected Rang in Jenkins Script Security Plugin

2022-05-2416:51:50

Google

osv.dev

0.003 Low

EPSS

Percentile

71.0%

JSON

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of method pointer expressions allowed attackers to execute arbitrary code in sandboxed scripts.

CPENameOperatorVersion
org.jenkins-ci.plugins:script-securityeq1.17
org.jenkins-ci.plugins:script-securityeq1.21
org.jenkins-ci.plugins:script-securityeq1.31
org.jenkins-ci.plugins:script-securityeq1.49
org.jenkins-ci.plugins:script-securityeq1.9
org.jenkins-ci.plugins:script-securityeq1.37
org.jenkins-ci.plugins:script-securityeq1.56
org.jenkins-ci.plugins:script-securityeq1.10
org.jenkins-ci.plugins:script-securityeq1.57.1
org.jenkins-ci.plugins:script-securityeq1.0-beta-6

Name	Operator	Version
org.jenkins-ci.plugins:script-security	eq	1.17
org.jenkins-ci.plugins:script-security	eq	1.21
org.jenkins-ci.plugins:script-security	eq	1.31
org.jenkins-ci.plugins:script-security	eq	1.49
org.jenkins-ci.plugins:script-security	eq	1.9
org.jenkins-ci.plugins:script-security	eq	1.37
org.jenkins-ci.plugins:script-security	eq	1.56
org.jenkins-ci.plugins:script-security	eq	1.10
org.jenkins-ci.plugins:script-security	eq	1.57.1
org.jenkins-ci.plugins:script-security	eq	1.0-beta-6