jenkins-pipeline-groovy-plugin: sandbox protection bypass through default parameter expressions in CPS-transformed methods

Sandbox protection in Jenkins Pipeline: Groovy Plugin 2.78 and earlier can be circumvented through default parameter expressions in CPS-transformed methods...

jenkins-script-security: Sandbox bypass vulnerability in Script Security Plugin

A flaw was found in the Jenkins Script Security plugin. Sandbox protection could be circumvented through default parameter expressions in constructors. This allowed attackers, able to specify and run sandboxed scripts, to execute arbitrary code in the context of the Jenkins master JVM. The highes...

PT-2019-11825 · Jenkins · Jenkins Script Security Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Script Security Plugin versions 1.64 and earlier Description: A sandbox bypass issue related to the handling of default parameter expressions in constructors allows attackers to execute arbitrary code in sandboxed scripts...